expired Posted by parrot123 • Oct 29, 2024
Oct 29, 2024 5:40 PM
ACEMAGICIAN Dual LAN Mini Gaming PC, AMD Ryzen 7 5800U Mini PC, $247.48 (Prime members only)
$247 (was $269, 8% off) at Amazon
60 Comments
The first box I was shipped had unexpected gifts.
I spent a good three months fighting the trojans on this rig. State Actor formulated versions of bladabind and red line malware. You can go to Joe's sandbox and read a full executive report on the trojans. They manipulated ntframework, attempted exfiltration, and opened listeners through xml on 912 as well as rdp ports. As someone who examines malware for a living I could not place how it arrived on my rig in an isolated vlan behind a firewall. It turns out it was installed before the computer arrived.
This malware maintains persistence on the recovery partition. Unfortunately it takes full advantage of ssd technology and establishes itself in the recovery partition. A hidden area on devices provides over-provisioning, optimizing performance for flash-based storage systems that use NAND.
The claims Acemagic made were that the over-provisioning made the hard drive faster. The reality is by exploiting over-provisioning, the state actor malware became invisible to the user, applications, and anti-virus on the device. The malware can rest in no man's land for months before arriving on your system.
Even if the malware isn't caught on devices they claim are clean, by staging malware in no man's land, it's just a time bomb waiting to explode. How many people actually sit around monitoring their rig with sys internals all day? By the time it hits, it will establish itself and start the process all over again.
I initially reviewed my first machine. After getting runaround by support, Ace Magic agreed to send me another rig as long as I deleted my first review. I accepted the bribe, much to my dismay. I was sent a device with a third of the capabilities as the first box I was sent, and it had the same infections.
Both machines are now on an isolated VLAN with activity being ingested into a SIEM, so I can supply a full executive report to others so they are not affected by the malicious activity. Your average person trying to save a buck does not need to fall victim to these bad actors attempting to exfiltrate your data.
I understand the machine is not trusted foundry, but the fact of the matter is there is zero accountability towards these actors. The company has many monikers selling their malware loaded merch online, and they will just rebrand even if acemagic/acemagician/etc gets shut down.
They even closed their myshopify front facing website this past week, after having an apology post admitting to loading these machines with the malware posted.
The malware was good, constantly editing HKCU and HKLM registry keys, disabling anti-virus, disabling Sysinternals, preventing offline scans, using spool services to communicate, and attempting to use IPv6.
Needless to say, I am well versed in malware and had difficulty assessing the totality of the damage until I had to rebuild my soho environment.
So here I am, out money spent on the rigs, and time spent fighting the monsters. For those that this review helps, I will be happy. Fortunately, I do fight actors like this for a living and can use the lessons learned to formulate an executive summary to help plenty of others.
Unless you actually know how to battle state actor malware, do yourself a favor and purchase a machine from a reputable company. Saving a buck is not worth losing your information.
"A hidden area on devices provides over-provisioning, optimizing performance for flash-based storage systems that use NAND."
Sounds above and beyond any normal person's skill... Just swap the SSD I guess, but that makes it more expensive...
"This malware maintains persistence on the recovery partition."
The malware is due to a hacked version of Windows Home used to bypass the online account requirement. Delete all partitions and reinstall; it's not that difficult.
From one of the Q&A:
1. Realtek RTL8168/8111 PCI-E Gigabit Ethernet Adapter
2. Intel(R) Ethernet Controller I226-V [8086-125C] [NoDB]
My last experience with RealTek & pfSense was over 10 years ago, and things initially seemed to work fine, but then it would randomly lose WAN connectivity. Unfortunately, just because pfSense boots and sees the NICs doesn't tell you a lot. If you plan to use intrusion detection (Suricata or Snort), forget it.
In theory, you could VLAN the one Intel NIC on-board, but there are plenty of cheap compact equivalents to this with (multiple) Intel NICs. And to use VLANs, you'd need a VLAN-enabled switch somewhere to assign a VLAN to your WAN vs your LAN.
I agree with most of the posts about just wiping everything out and reinstalling what you want. It only takes maybe half an hour to do that. I doubt this has an SPI, but if it does it's probably a good idea to figure that in with trying to get that cleared out and reset to a known state.
It is a small amount of work but if you don't want to do any of that then stay away from any of these types of machines since what you're looking for - some sort of guaranteed peace of mind - isn't going to be free either.
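One way to carry out the "delete all partitions and reinstall" advice from the comments above, as an added PowerShell example that is not from any commenter and not an Acemagic tool. It assumes you run it as Administrator from Windows install media or WinPE, or from a separate trusted admin host with the suspect SSD attached, and that the built-in Storage module cmdlets (Get-Disk, Get-Partition, Clear-Disk) are available, which they are on Windows 8/Server 2012 and later. The disk number is an argument you supply after reading the inventory; nothing is wiped when the script is run without one.

```powershell
# Added example (not from the thread): list every partition on every disk, flagging
# Recovery/OEM/hidden partitions that an in-place "reinstall Windows" leaves behind,
# then wipe one chosen disk to a blank, RAW state so a fresh install starts clean.
# Assumptions: Administrator session from install media/WinPE or a trusted admin host;
# the Storage module (Get-Disk, Get-Partition, Clear-Disk) is present.
# This touches only the disk's partition table and data; it does nothing for firmware.

[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [int]$DiskNumber = -1   # -1 = inventory only; pass a disk number to wipe that disk
)

# 1. Inventory: show disks and partitions so the target can be chosen deliberately.
Write-Host "=== Disk inventory ==="
foreach ($disk in Get-Disk) {
    $role = @()
    if ($disk.IsBoot)   { $role += 'BOOT' }
    if ($disk.IsSystem) { $role += 'SYSTEM' }
    Write-Host ("Disk {0}: {1} {2:N0} GB {3} [{4}]" -f $disk.Number, $disk.FriendlyName,
        ($disk.Size / 1GB), $disk.PartitionStyle, ($role -join ','))
    Get-Partition -DiskNumber $disk.Number -ErrorAction SilentlyContinue | ForEach-Object {
        $flag = ''
        # Recovery, OEM, reserved and hidden partitions survive a reinstall done from
        # inside the running OS; only a full disk clean removes them.
        if ($_.Type -match 'Recovery|OEM|Reserved' -or $_.IsHidden) {
            $flag = '  <-- survives an in-place reinstall'
        }
        Write-Host ("   part {0}: {1,-10} {2,8:N1} GB {3}{4}" -f $_.PartitionNumber, $_.Type,
            ($_.Size / 1GB), $_.DriveLetter, $flag)
    }
}

if ($DiskNumber -lt 0) { return }

# 2. Wipe: refuse the disk this session booted from, then remove *all* partitions,
#    including OEM and recovery ones, leaving unallocated RAW space.
$target = Get-Disk -Number $DiskNumber
if ($target.IsBoot -or $target.IsSystem) {
    throw "Disk $DiskNumber is the boot/system disk of this session; boot from install media instead."
}
if ($PSCmdlet.ShouldProcess("Disk $DiskNumber ($($target.FriendlyName))",
                            "Clear all partitions including OEM/recovery")) {
    Clear-Disk -Number $DiskNumber -RemoveData -RemoveOEM -Confirm:$false

    # 3. Verify: a cleaned disk reports PartitionStyle RAW and zero partitions.
    $after = Get-Disk -Number $DiskNumber
    $count = @(Get-Partition -DiskNumber $DiskNumber -ErrorAction SilentlyContinue).Count
    Write-Host ("Disk {0} now {1}, {2} partitions remaining." -f $DiskNumber, $after.PartitionStyle, $count)
}
```

Run it once with no argument to read the inventory, then again with `-DiskNumber N -WhatIf` to see what would be cleared before running it for real. Clear-Disk only resets what the operating system can see: the partition table and the data in those partitions. It says nothing about the drive's firmware or about NAND the controller keeps outside the addressable space, so for a drive you do not trust, the manufacturer's secure-erase utility, or simply replacing the SSD as another commenter suggested, is the safer step.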
P.s. do I need to worry that I clicked the link to the product page? Does acemagician now have access to my PC?! 😩