Very long story short. I needed a USB Microscope for another rabbit hole... then I had a thought. Is Amazon marketplace being used to distribute malware? I bought a $20 USB Microscope from Amazon after reading the review below which caught my interest.
There were several reasons why the ad stood out specifically: 1) Several identical units under various sellers/brands. 2) 4,800+ purchases for an item w/ several versions. 3) 80 people found "Buyer beware of virus/spyware!" to be a 'helpful' Customer Review. 4) No direct seller contact information available online other than email address. 5) Selling since 2019(ish). That is a long time for any non-professional camera device.
After the unit arrived I went ahead and ran the software it was supplied with through VirusTotal. A cryptominer Trojan Horse and bot were found with file autorun.exe [Trojan.Win32.Miner.oa!s1 && https://www.virustotal.com/gui/file/54d268d385ad74ce096bc3848169eca9d8f70efb7e6d22bec68aa294ac32e27e]. Autorun.exe is a file which would automatically run on any Windows PC once the CD is inserted.
False positive? Or new-new obfuscation? I would like to dig a little more.
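An added example, not part of the original post: one way to triage vendor media like this before anything is run. It hashes every file in a directory copied from the disc and marks whatever `autorun.inf` would launch, so each SHA-256 can be looked up using the same VirusTotal URL form as the link above. The directory contents and the `autorun.inf` used here are constructed for the demonstration.

```python
import hashlib
import tempfile
from pathlib import Path

VT_FILE_URL = "https://www.virustotal.com/gui/file/{}"  # URL form used on this page
LAUNCH_KEYS = {"open", "shellexecute"}  # autorun.inf keys that start a program

def autorun_targets(root: Path) -> set:
    """Lower-cased names of files that root's autorun.inf would launch."""
    targets, section = set(), ""
    for inf in (p for p in root.iterdir() if p.name.lower() == "autorun.inf"):
        for line in map(str.strip, inf.read_text(errors="replace").splitlines()):
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1].strip().lower()
            elif section == "autorun" and "=" in line and not line.startswith(";"):
                key, value = (part.strip() for part in line.split("=", 1))
                words = value.strip('"').split()
                if key.lower() in LAUNCH_KEYS and words:
                    # Keep only the program name: drop arguments and any path.
                    exe = words[0].replace("\\", "/")
                    targets.add(exe.rsplit("/", 1)[-1].lower())
    return targets

def inventory(root: Path) -> list:
    """Hash every file under root; nothing is executed or uploaded."""
    launched = autorun_targets(root)
    rows = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        rows.append({"file": path.relative_to(root).as_posix(),
                     "sha256": digest,
                     "autorun": path.name.lower() in launched,  # matched by name
                     "lookup": VT_FILE_URL.format(digest)})
    return rows

def demo() -> list:
    """Inventory a constructed stand-in for the vendor CD (no real binaries)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "AUTORUN.INF").write_text("[AutoRun]\nopen=autorun.exe /s\nicon=cam.ico\n")
        (root / "autorun.exe").write_bytes(b"constructed placeholder bytes")
        (root / "driver").mkdir()
        (root / "driver" / "readme.txt").write_bytes(b"constructed")
        return inventory(root)

if __name__ == "__main__":
    for row in demo():
        print("AUTORUN" if row["autorun"] else "-", row["sha256"], row["file"])
```

Looking a file up by hash only shows whether that exact file has already been submitted; it does not upload the file or execute it.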
https://www.jiusion.com/ is pretty much a mirror of the Microscope sellers' website [https://bysameyee.com/]. When you initiate a search on address 'email@example.com' you return A LOT of results and may begin to formulate a picture of their business model. They [possibly could] flood the market with an inexpensive USB microscope, with malware as software, and abandon shop when the outlook isn't great. Then open a new one. Fly-by-night 'usb' brands.
Most data resources associated with that same email are sketchy and almost ALL include links to download AV software and/or alternative product drivers. I'll pass.
I decided to download all drivers and software directly from the Jiusion website and process through VirusTotal. Nothing was flagged... until Amcap.zip.
DO NOT DOWNLOAD: https://www.jiusion.com/tmp/madeimg/Amcap.zipfile.dont.linkme
More false positives?
I decided to download all drivers and software directly from the Bysameyee website and process through VirusTotal.
Next, DO NOT DOWNLOAD: https://www.bysameyee.com/tmp/madeimg/USBCAMERA.apkfile.dont.linkme
Now, this one is simply interesting when compared to the product listings. There is a big push to connect this camera to an Android device. The packing includes a USB OTG adapter and the device manual states it does not support Apple devices.
Next, DO NOT DOWNLOAD: https://www.bysameyee.com/tmp/madeimg/OTGView.apkfile.dont.linkme
My RE skills are not the greatest. I doubt I will further research. I was more so curious to see if Amazon took any steps to research product security, based on reviews, after being reported. A few years ago I reported a Uokoo wifi camera that was phoning home at odd hours of the day. I never received a response from the merchant, the manufacturer [in Shenzhen], nor Amazon, YET the product line was pulled entirely shortly after being reported! Uokoo operated with a similar business model from my research.
At this point, the average consumer should purchase something more reputable.
Yes. I'm keeping the scope.
TLDR video version:
*Yes, I know, a low YT score is usually a good sign. Not always!
- A. Buford
- June, 2022