Be careful products sold on Amazon are infected with malware

Beware, even things on Amazon come with embedded malware… this is the disconcerting discovery made by the expert Mark Olsen.

The security expert Mike Olsen warned about the presence of malware in products sold through the Amazon service. Olsen was searching for outdoor surveillance cameras on Amazon for a friend’s home. He has found an interesting offer on Amazon, a deal for a set of 6 poe cameras and recording equipment.

Once in possession of the outdoor camera set, he tried to install its control software on the friend’s machine. By logging into the admin webpage he noticed the interface showed the camera feed, but none of the normal controls or settings was available.

Olsen suspected that an error in the code was causing the strange behavior so he decided to give a close look at the software. Inspecting the code he noticed an iframe linking to suspicious host name.“Being one of those guys who assumes bad CSS, I went ahead and opened up developer tools. Maybe a bad style was hiding the options I needed. Instead, what I found tucked at the bottom of the body tag was an iframe linking to a very strange looking host name.” wrote Olsen in the blog post.

Who is brenz.pl? Simple, let’s ask it to Google.The domain is known to be a bad domain used for fraudulent activities, including malware-based attacks. Searching for more information online, we can find more information about the domain.

Virus Total also reports it as a malicious domain, meanwhile, experts at Sucuri confirmed in a blog post dated 2011 that they used to see brenz.pl being used to distribute malware back in 2009.“Malware. See this page or just simply go through this google search for more information. My guess is many people have missed this. The seller has great ratings and the products are a good deal. So be careful what you buy!” wrote Olsen.

A month ago, a user in a forum discussion reported the presence of a link to the malicious domain in the firmware running on commercial products.

“Just a caution for those upgrading the SC10IP’s firmware…I have come across a version with malware embedded in all the HTML pages.” reporetd the user.”each HTML file contains an iframe link to www. brenz. pl, which is (was) a malware distribution site. The site is recognised by Chrome’s malware detection, so you get a big warning not to proceed. It has also been taken over by CERT PL, so i presume it can’t cause any harm now.”Watch out! Now you know that even products sold on Amazon could be infected.”

Second, Amazon stuff can contain malware.” wrote Olsen.

[adrotate banner=”9″]

Pierluigi Paganini 

(Security Affairs – Amazon infected products, malware)