expired Posted by parrot123 • Oct 29, 2024
Oct 29, 2024 5:40 PM
ACEMAGICIAN Dual LAN Mini Gaming PC, AMD Ryzen 7 5800U Mini PC, $247.48 (Prime Members only)
$247 (was $269, 8% off) at Amazon
60 Comments
Our community has rated this post as helpful. If you agree, why not thank desynergy
Are there any other machines like this that would be good for gaming?
Our community has rated this post as helpful. If you agree, why not thank ghostfreckle
PS: Some of these chinesium mini PCs have the trojan/virus baked into the recovery partition... So clean install.
Our community has rated this post as helpful. If you agree, why not thank ghostfreckle
The first box I was shipped had unexpected gifts.
I spent a good three months fighting the trojans on this rig. State actor formulated versions of Bladabindi and RedLine malware. You can go to Joe Sandbox and read a full executive report on the trojans. They manipulated ntframework, attempted exfiltration, and opened listeners through xml on 912 as well as RDP ports. As someone who examines malware for a living I could not place how it arrived on my rig in an isolated VLAN behind a firewall. It turns out it was installed before the computer arrived.
This malware maintains persistence on the recovery partition. Unfortunately it takes full advantage of SSD technology and establishes itself in the recovery partition. A hidden area on devices provides over-provisioning, optimizing performance for flash-based storage systems that use NAND.
The claim Acemagic made was that the over-provisioning made the hard drive faster. The reality is that by exploiting over-provisioning, the state actor malware became invisible to the user, applications, and anti-virus on the device. The malware can rest in no man's land for months before arriving on your system.
Even if the malware isn't caught on devices they claim are clean, by staging malware in no man's land, it's just a time bomb waiting to explode. How many people actually sit around monitoring their rig with Sysinternals all day? By the time it hits, it will establish itself and start the process all over again.
I initially reviewed my first machine. After getting the runaround by support, Ace Magic agreed to send me another rig as long as I deleted my first review. I accepted the bribe, much to my dismay. I was sent a device with a third of the capabilities of the first box I was sent, and it had the same infections.
Both machines are now on an isolated VLAN with activity being ingested into a SIEM, so I can supply a full executive report to others so they are not affected by the malicious activity. Your average person trying to save a buck does not need to fall victim to these bad actors attempting to exfiltrate your data.
I understand the machine is not trusted foundry, but the fact of the matter is there is zero accountability towards these actors. The company has many monikers selling their malware loaded merch online, and they will just rebrand even if acemagic/acemagician/etc gets shut down.
They even closed their myshopify front-facing website this past week, after having posted an apology admitting to loading these machines with the malware.
The malware was good, constantly editing HKCU and HKLM registry keys, disabling anti-virus, disabling Sysinternals, preventing offline scans, using spool services to communicate, and attempting to use IPv6.
Needless to say, I am well versed in malware and had difficulty assessing the totality of the damage until I had to rebuild my SOHO environment.
So here I am, out money spent on the rigs, and time spent fighting the monsters. For those that this review helps, I will be happy. Fortunately, I do fight actors like this for a living and can use the lessons learned to formulate an executive summary to help plenty of others.
Unless you actually know how to battle state actor malware, do yourself a favor and purchase a machine from a reputable company. Saving a buck is not worth losing your information.
Yes. It stinks that it comes with a trojan, but re-installing Windows takes about 10 minutes these days.
As always:
Do a wipe/fresh OS install when you get it.
Only download drivers/software from acemagic.com and not an acemagic cloned site that the sellers link you to.