Landing page banner

The Singapore Police Force (SPF) and Cyber Security Agency of Singapore (CSA) would like to inform members of the public to be vigilant against the dangers of non-certified streaming devices commonly known as Android TV boxes which can be plugged directly to the TV to watch streamed content on their TV screens. There are various types of Android TV boxes; Certified Android TV boxes will support official, licensed applications such as Netflix and Disney+, while non-certified devices often support illegal streaming sites or distribute malicious applications. Users who visit illegal streaming sites or download unofficial applications through their non-certified TV boxes may be exposed to malware that can compromise their home networks and personal information. 

Malware present in affected TV boxes will infect users’ devices with malicious applications, turning it into part of a botnet - a network of compromised computers used to carry out cyberattacks such as Distributed Denial-of-Service (DDoS) attacks and spam campaigns. The malware also commonly steals users’ personal data and users’ Internet Protocol (IP) addresses to commit crimes. These include phishing campaigns, spam email distribution, ad fraud and online scams. Users affected by such malware may notice slow device performance, unusual account behaviour, persistent pop-ups, suspicious programmes, and system instability on their devices.

Users are advised to adopt the following precautionary measures to safeguard your personal information and systems against botnets:

1. Use official streaming services or purchase certified streaming devices from reputable brands.
   
   
2. Buy products from reputable manufacturers who are more likely to produce devices that are secure, while considering industry standards and best practices for Internet of Things ¹ (IoT). Additionally, you can assess a manufacturer's track record of how security vulnerabilities were addressed. You may refer to CSA’s website on the Cybersecurity Labelling Scheme (CLS) for consumer smart devices to obtain more information on IoT security at https://www.csa.gov.sg/our-programmes/certification-and-labelling-schemes/cybersecurity-labelling-scheme/for-consumers/.
   
   
3. Download applications from official application stores and websites. Refrain from downloading applications from third-party websites, as these applications may contain malicious software that gives cybercriminals access to your personal data and device functions.
   
   
4. Certain streaming devices supports the use of anti-virus applications. Ensure that these applications are regularly updated so that they can detect the latest malware. You can refer to the CSA website for the recommended list at https://www.csa.gov.sg/resources/tips-and-resources/recommended-security-apps-list.

Users are advised to perform the following actions in the event they suspect that their streaming devices are infected by malware:

1. Disconnect the device from the internet immediately;
   
   
2. Run a security scan, uninstall any suspicious third-party apps and check your bank / SingPass / CPF accounts for any unauthorised transaction(s);
   
   
3. If malware is detected on your device or there are unauthorised transaction(s), report to the bank, relevant authorities and lodge a police report immediately. Do not perform a factory reset before reporting the incident to the police as this could hinder investigations; and
   
   
4. If no malware is detected and there are no unauthorised transaction(s), you may resume usage or choose to perform a full factory reset on the device as a precautionary measure.
   
   

1. Change your password immediately and enable Multi-Factor Authentication (MFA), if available, to secure your account. If you have used the same compromised password for other accounts, those passwords should be reset to prevent unauthorised access. 
   
   
2. Perform a full system scan with an updated anti-virus software if you have clicked on a phishing link or opened a suspicious attachment in a phishing email.
   
   
3. If there are unauthorised transactions detected in your bank account(s) and/or suspicious activities in your Singpass account, report the incident to your bank and/or Singpass helpdesk immediately.
   
   
4. Report the incident to the relevant authorities and lodge a police report at any Neighbourhood Police Centre or online at https://eservices1.police.gov.sg. You may also wish to report the incident to SingCERT at https://go.gov.sg/singcert-incident-reporting-form.