
SF Bay Area Times

That Bargain Mini PC Might Ship With Spyware: Revisiting the AceMagic Case


If you have ever scrolled past a suspiciously cheap mini PC on Amazon and wondered where the corners got cut, the AceMagic episode of early 2024 is worth keeping in mind. In that case, one of the corners cut was the malware screening.

A new computer that arrived pre-infected

In February 2024, a tech reviewer who goes by The Net Guy unboxed a new AceMagic mini PC, turned it on, and saw Windows Defender light up almost immediately. The machine had shipped with malware already installed — not downloaded later, not picked up online, but present out of the box.

The Net Guy Reviews shows the AceMagic mini PC flagging malware on first boot

Video: The reviewer who first spotted the problem walks through the malware warning on a brand-new AceMagic machine (YouTube).

Security researchers and tech outlets identified two threats. One, Bladabindi, is a backdoor that quietly collects information about you and your computer and can install more malicious software. The other, RedLine Stealer, is designed to grab saved passwords from your browser, hunt for cryptocurrency wallets, and catalog what's on your system. Both are the kind of thing built to drain accounts and identities, not just slow your computer down.

The affected machines were AceMagic's AD08, AD15, and S1 models built in late 2023, as reported by Tom's Hardware and The Register.

How a factory ships spyware by "accident"

AceMagic's explanation was almost as striking as the problem. The company said its developers had altered the Windows software image to make the computers boot faster, and in doing so changed network settings and skipped the digital signatures that normally certify a clean, untampered system.

Strip away the jargon and it means this: someone modified the operating system before it shipped and turned off the safeguard that would have caught the modification. Whether that opened the door to the malware or simply hid it, the protection that was supposed to be there wasn't.

What it means for everyday buyers

Mini PCs from lesser-known brands can be a genuinely good deal. But the AceMagic case is a reminder that the price doesn't include a guarantee that the machine is clean.

A reviewer walks through checking a budget mini PC for preinstalled malware

Video: Independent reviewers walked through how to check an affected mini PC and clean it (YouTube).

A few practical habits go a long way:

  • Don't trust the factory image blindly. For any new low-cost PC, doing a clean reinstall of Windows from Microsoft's own installer wipes whatever the vendor put on it. It's an afternoon of effort that removes a whole category of risk.
  • Let your antivirus run on first boot. In the AceMagic case, stock Windows Defender caught the threat right away. Don't disable it for "performance," and pay attention when it warns you.
  • Watch the network. Malware like this phones home. A computer that's chattering to unfamiliar servers the moment it's unboxed is a red flag.
  • Buy where returns are easy. Part of why this story ended reasonably well for buyers is that the machines were sold through platforms with refund policies.
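The antivirus and network checks above can be run as a quick first-boot triage. The script below is an added example, not taken from the article's sources or from AceMagic. It assumes Windows 10 or 11 with the built-in Defender and NetTCPIP PowerShell modules, run from an elevated PowerShell prompt.

```powershell
# First-boot triage for a new Windows PC (added example; read-only, changes nothing).
# Assumption: built-in Defender and NetTCPIP modules are present (Windows 10/11).

# 1. Is Defender actually on, and are its definitions current?
$status = Get-MpComputerStatus
[pscustomobject]@{
    AntivirusEnabled   = $status.AntivirusEnabled
    RealTimeProtection = $status.RealTimeProtectionEnabled
    SignaturesUpdated  = $status.AntivirusSignatureLastUpdated
} | Format-List

# 2. Has Defender already recorded detections on the factory image?
$threats = @(Get-MpThreat)
if ($threats.Count -gt 0) {
    $threats | Select-Object ThreatName, SeverityID, IsActive | Format-Table -AutoSize
} else {
    'No Defender detections recorded.'
}

# 3. Which processes hold outbound connections, and are their binaries signed?
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        # The owning process may have exited or be protected; tolerate a missing path.
        $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        $sig  = if ($proc.Path) {
            (Get-AuthenticodeSignature -FilePath $proc.Path).Status
        } else {
            'PathUnavailable'
        }
        [pscustomobject]@{
            Remote    = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Process   = $proc.ProcessName
            Path      = $proc.Path
            Signature = $sig
        }
    } |
    Sort-Object Signature, Process |
    Format-Table -AutoSize -Wrap
```

A signature status other than `Valid` on a process that is talking to the network is a reason to look closer, not a verdict by itself.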

To its credit

AceMagic did own the problem. It publicly acknowledged the infection, offered refunds and clean system images, and gave affected customers a rebate or discount. It also said the issue was limited to a first shipment — a claim that's comforting if true and impossible for an outside buyer to confirm.

For Bay Area readers who buy a lot of gadgets, the lesson isn't "never buy a budget mini PC." It's that a brand-new computer is only as trustworthy as the company that imaged it — and a clean reinstall is cheap peace of mind.

Based on reporting by Tom's Hardware, The Register, and Notebookcheck, February 2024.