
Factory-Installed Malware Discovered on Low-Cost Android Projectors Sold on Major E-commerce Platforms
Cybersecurity, Malware, Hardware, RemoteAccess, RAT, Android, C2, Supply-Chain, E-commerce
A researcher discovered factory-installed malware on a low-cost Android projector, including a dropper named StoreOS and a persistent Remote Access Trojan (RAT) called SilentSDK. The malware communicates with a command-and-control (C2) server in China (api.pixelpioneerss.com) and employs techniques like byte-reversal on APK payloads. Decrypted strings reveal capabilities such as remote command execution, permission escalation (chmod 777), and device fingerprinting. The full analysis, including the kill chain and decryption scripts, is documented in a GitHub report.
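For triage of files pulled from such a device, the byte-reversal trick mentioned above can be spotted from the ZIP magic bytes alone. The sketch below is an added example, not the researcher's decryption script; it assumes the whole APK file is reversed end to end (the summary does not give the exact scheme), and the function names and the in-memory sample are constructed for illustration.

```python
import io
import zipfile

ZIP_LOCAL_MAGIC = b"PK\x03\x04"   # first bytes of a normal ZIP/APK
ZIP_EOCD_MAGIC = b"PK\x05\x06"    # end-of-central-directory record
EOCD_MAX_SPAN = 22 + 0xFFFF       # EOCD size plus maximum comment length


def classify_payload(data: bytes) -> str:
    """Return 'apk', 'reversed-apk' or 'unknown' for a dropped file."""
    if data.startswith(ZIP_LOCAL_MAGIC) and ZIP_EOCD_MAGIC in data[-EOCD_MAX_SPAN:]:
        return "apk"
    # Assumption: whole-file reversal, which leaves the mirrored local-header
    # magic at the very end and the mirrored EOCD record near the start.
    if data.endswith(ZIP_LOCAL_MAGIC[::-1]) and ZIP_EOCD_MAGIC[::-1] in data[:EOCD_MAX_SPAN]:
        return "reversed-apk"
    return "unknown"


def restore_for_analysis(data: bytes) -> list[str]:
    """Undo the reversal if present and list archive entries without extracting."""
    kind = classify_payload(data)
    if kind == "unknown":
        raise ValueError("not a ZIP/APK in either byte order")
    if kind == "reversed-apk":
        data = data[::-1]
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if zf.testzip() is not None:
            raise ValueError("archive is corrupt after restoring byte order")
        return zf.namelist()


def build_constructed_sample() -> bytes:
    """Constructed stand-in for an APK: a tiny ZIP built in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", b"dex\n035\x00")
    return buf.getvalue()


if __name__ == "__main__":
    plain = build_constructed_sample()
    hidden = plain[::-1]
    for label, blob in (("plain", plain), ("reversed", hidden), ("junk", b"\x00" * 64)):
        print(label, classify_payload(blob))
    print(restore_for_analysis(hidden))
```

A file that fails ordinary APK/ZIP identification but classifies as `reversed-apk` is worth flagging in a firmware or filesystem sweep, since legitimate packages have no reason to be stored mirrored.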