We recently reported that malware was found in certain revisions of systems from the manufacturer Acemagic. As we had also tested these mini PCs and they were connected to my network, the matter was of course even more explosive. If you want to read the whole thing again, you can find the original article here:
And even though I couldn’t find any malware on the allegedly affected systems, I naturally asked the manufacturer for a statement. This has now also been submitted; you can read it completely unedited here:
Acemagic-Malware-Statement
I would like to briefly discuss the relevant points without marketing and PR blah-blah.
“… proactively addressed an isolated virus incident affecting a specific batch of mini PCs.”
We’re off to a bad start, because the word “proactively” doesn’t just mean “determining the development of an event through differentiated advance planning and targeted action” in my vocabulary. And this can’t be the case here if the computers in question are already at the customer’s premises. Because then only reactive action is possible.
“The incident stemmed from software adjustments made by developers to reduce boot times, which inadvertently affected network settings and omitted digital signatures, leading to reports of virus-infected mini PCs manufactured before November 18, 2023.”
So according to Acemagic, it wasn’t actually Bladabindi or Redline malware on the systems, but the omission of signatures caused Windows Defender to draw the wrong conclusions. Since I lack the necessary expertise in malware forensics and the affected files, I cannot evaluate this statement any further. So moving on, what does Acemagic offer affected customers?
“Customers can check the production date on the bottom sticker of their device to determine if it is affected. Full refunds and return shipping costs will be provided for products produced between September and November.”
That’s very good, with a full refund including shipping costs, there’s nothing to complain about.
“For customers who choose to retain their products [and reinstall using a provided clean image], we will provide compensation of up to 25% of the order price. To qualify for the 25% refund, customers must provide the Official website order number, a screenshot of the pre-installed browser (upsearch), and a screenshot of the detected virus.”
This is also a good response to the situation and a fair offer for the effort involved. What makes me a little suspicious, however, is the mention of an order number from their own webshop and “up to” 25%. More on this in a moment.
“Affected customers will receive a minimum 10% brand discount after verification, applicable for the purchase of new products.”
Offering a discount code for future purchases in addition to the previous two options is a nice gesture, but whether those affected will actually buy an Acemagic system again is probably questionable. I won’t go into the various measures that will be taken in the future to prevent further incidents like this. This can be summarized under “We promise to take better care” and can be read in the PDF above. It is interesting, however, that they want to digitally sign all software in order to prevent unwanted changes.
But what was left open here: What about customers who didn’t buy a mini PC directly from the Acemagic webshop? I would assume that a considerable number of systems have found their way into the home office via Amazon. Do the above points still apply? I have sent this question to Acemagic, along with a request to explain when less than 25% refund is paid if you keep the system and reinstall it yourself.
My last statement was that I will most likely end my cooperation with Acemagic. But even if the statement from the manufacturer has been a while in coming, the reaction is good for now. Full refunds even long after the return period has expired, partial refunds if you fix the problem yourself and promises of improvement. As cynical as it sounds, this came as a surprise to me. I honestly expected Acemagic to disappear and reappear two weeks later under a new name and logo. A tactic that is unfortunately not uncommon for brands with seemingly randomly generated names from the Far East. Depending on the response to my query and feedback from the community, I may agree to future test requests again. I declined the last one from shortly before the incident after it became known. If anything, there will always be a link to this incident right at the beginning.
In general, I find the frequency of similar “virus ex works” incidents in recent years very worrying, as well as how quickly they disappear from the collective memory. It wasn’t long ago that the Asus update service was distributing malware, Gigabyte had UEFI rootkits in its firmware via a supply chain attack and MSI had private keys for its own software signatures stolen in a hacker attack. I wonder if anyone still has this in mind today when they put a new motherboard in their shopping cart?