Acemagic, a Chinese manufacturer of personal computers, has acknowledged that certain products were shipped with pre-installed malware.
The discovery was made by a YouTuber known as The Net Guy, who encountered malware on Acemagic mini PCs during testing in early February. The malware, identified as Bladabindi, was detected by Windows Defender shortly after booting the machine. Bladabindi is a well-known backdoor that can steal user information and facilitate the installation of other malicious software.
Recently, Acemagic confirmed that some of its PCs were indeed infected with Bladabindi and also raised concerns about the potential presence of another malware called Redline. Redline is capable of stealing information from web browsers, conducting system inventories, and even pilfering cryptocurrency.
Acemagic's explanation for the malware's presence was somewhat perplexing and inconsistent. Initially, the company attributed the issue to adjustments made by software developers to enhance user experience by reducing boot time, which inadvertently affected network settings and omitted digital signatures. However, in a subsequent statement to The Register, the company mentioned that the incident stemmed from similar software adjustments made by developers.
The company has pledged to bolster its use of digital certificates to prevent unauthorized modifications, hinting that external parties might have accessed its machines or its master copy of Windows to deliver the malware.
It remains uncertain whether the infections occurred at the factory or after the PCs were in the possession of their new owners. Acemagic has announced plans to refund the cost of machines manufactured between September and November 2023 and has advised owners to check the stickers affixed to their models for the date of manufacture.
Interestingly, just before The Register received Acemagic's acknowledgment of the malware issue, the publication received a review unit of one of the company's PCs. However, the labels on that unit did not contain information about the date of manufacture, nor did the QR codes provide such details.
Acemagic has provided clean system images for owners to disinfect their machines and is offering a 25 percent purchase price rebate for those who do so. Additionally, owners of infected machines can apply for a voucher providing a ten percent discount on any future Acemagic purchase, though it remains to be seen if customers will trust the brand after this incident.