Be careful products sold on Amazon are infected with malware

Beware, even things on Amazon come with embedded malware… this is the disconcerting discovery made by the expert Mark Olsen.

The security expert Mike Olsen warned about the presence of malware in products sold through the Amazon service. Olsen was searching for outdoor surveillance cameras on Amazon for a friend’s home. He has found an interesting offer on Amazon, a deal for a set of 6 poe cameras and recording equipment.

Once in possession of the outdoor camera set, he tried to install its control software on the friend’s machine. By logging into the admin webpage he noticed the interface showed the camera feed, but none of the normal controls or settings was available.

Olsen suspected that an error in the code was causing the strange behavior so he decided to give a close look at the software. Inspecting the code he noticed an iframe linking to suspicious host name.“Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools. Maybe a bad style was hiding the options I needed. Instead, what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name.” wrote Olsen in the blog post.

Who is brenz.pl? Simple, let’s ask it to Google.The domain is known to be a bad domain used for fraudulent activities, including malware-based attacks. Searching for more information online, we can find more information about the domain.

Virus Total also reports it as a malicious domain, meanwhile, experts at Sucuri confirmed in a blog post dated 2011 that they used to see brenz.pl being used to distribute malware back in 2009.“Malware. See this page or just simply go through this google search for more information. My guess is many people have missed this. The seller has great ratings and the products are a good deal. So be careful what you buy!” wrote Olsen.

A month ago, a user in a forum discussion reported the presence of a link to the malicious domain in the firmware running on commercial products.

“Just a caution for those upgrading the SC10IP’s firmware…I have come across a version with malware embedded in all the HTML pages.” reporetd the user.”each HTML file contains an iframe link to www. brenz. pl, which is (was) a malware distribution site. The site is recognised by Chrome’s malware detection, so you get a big warning not to proceed. It has also been taken over by CERT PL, so i presume it can’t cause any harm now.”Watch out! Now you know that even products sold on Amazon could be infected.”

Second, Amazon stuff can contain malware.” wrote Olsen.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Amazon infected products, malware)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.