In a highly embarrassing incident for Acemagic, a Chinese PC manufacturer, a number of its products have been shipped with numerous vulnerabilities.

When setting up a brand-new PC out of the box, you would expect it to be highly secure and as protected against current threats as it could be. However, this isn’t always the case. PCs are complex pieces of machinery, packed full of processes, apps and coding to provide the full PC experience. And all of this leaves room for mistakes. Acemagic has learned this the hard way, as have their customers, who have now found their brand-new PCs are vulnerable to countless malware threats.

It’s a nightmare scenario for all involved, so we’re going to look at what’s happened.

The Dangers of Tinkering with Windows Source Code

In a bid to improve the performance of their PCs, Acemagic’s software developers decided to adjust Microsoft’s source code for Windows. This involved altering network settings, but inadvertently resulted in the process of digital signature verification being skipped. Digital signatures are used to verify the authenticity of data passing through PCs, so, without these in place, applications are at risk of being compromised with malware. Acemagic’s aim was to reduce boot times for its customers, but it resulted in the PCs becoming infected with malware.

From bootup, security researchers have been able to discover malware such as Bladabindi and Redline on Acemagic PCs. Both these strains of malware are designated as info stealers, so they have the potential to steal login credentials, financial data, and also download further malware. Additionally, Redline is capable of stealing cryptocurrency.

Acemagic has announced that the software adjustments were stopped on November 18th 2023, but this still leaves a large number of compromised PCs in use by unsuspecting users. Going forwards, Acemagic has pledged to put more focus on digital certificates, a move they claim will be able to stop unauthorized modifications in the future. But the damage to Acemagic’s reputation has been done, and it’s not been helped by the fact that Acemagic has been unable to pinpoint exactly when the malware was downloaded onto their machines.

Staying Safe with New PCs

A new PC should be as safe as you can get, but the Acemagic fiasco has demonstrated how they can be just as dangerous as a PC which is several years old. Therefore, it’s crucial you take precautions when setting up a new PC:

  • Set it up offline: to protect your existing network, it’s a good idea to fully set up your PC before connecting it to your network. Not only does this ensure the PC is correctly configured to join your network, but it also allows you to secure the device and limit the spread of any pre-installed malware.
  • Scan for malware: one of the first things you should do with a new PC is scan it for malware. As we’ve seen with Acemagic, even brand-new PCs can be compromised with malware, so it makes sense to eliminate this threat before it can become active on your network. Running a quick scan with apps such as AVG or McAfee will identify any threats and quickly remove them.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More


China has been a long-term participant in upping the potential of malware, but it appears they have reached a new peak with their Daxin malware.

In a quite remarkable statistic, it’s estimated that nearly half of all PCs in China are infected with malware. Clearly, the distribution of malware within the country is a hardened campaign and, not surprisingly, China is also responsible for producing some major malware designers. And, despite all their ‘successes’ in the world of hacking, they aren’t about to rest on their laurels. Researchers from Symantec have discovered that the Daxin malware represents a sophisticated threat to PCs all over the world.

New malware threats emerge every day, but occasionally a head-turner appears on the scene, and it pays to take notice of it.

What is Daxin?

The earliest evidence of Daxin, in its most basic form, dates back to November 2013 when it was first discovered in a number of cyber-attacks e.g. versions of the Exforel malware. Given the time that has elapsed since then, Daxin has evolved into a highly sophisticated hacking tool.

Using an infected Windows kernel driver, Daxin’s main objective is to establish backdoor access on any PC that it infects. Once this has been established, Daxin strives to keep its presence hidden through a number of stealthy processes. It does this by implementing advanced communication techniques to hide itself within normal network traffic. Daxin is also capable of sending single commands across entire networks which have been infected, this allows it to work at a devastating pace and inflict maximum damage.

One of the most sophisticated aspects of Daxin is that it can hijack TCP/IP sessions; this means that it can identify patterns in internet traffic and use this knowledge to disconnect legitimate users and ‘steal’ their pathway. Not only does this give hackers unauthorized access, but it also allows them to blend into seemingly normal traffic and remain undetected. While Daxin is certainly a sophisticated piece of code, it also employs more traditional techniques such as downloading further malware and spreading this throughout infected networks.

How Do You Beat Daxin?

The precise details of Daxin’s infection methodology haven’t, as of yet, been revealed, so it’s difficult to give a definitive answer on the best way to protect your PC. Nonetheless, these best security practices should provide you with a significant level of protection:

  • Always Use Official Upgrades: one of the most crucial elements of protecting a PC is by installing updates, but you need to make sure these are genuine. Accordingly, head straight to the manufacturer of specific hardware/software to guarantee you are downloading the correct updates.
  • Monitor Network Traffic: while Daxin is certainly stealthy when it comes to network activity, it still makes sense to monitor your network. Anything which looks even slightly suspicious should be scrutinized closely and a contingency plan activated to reduce potential damage.

For more ways to secure and optimize your business technology, contact your local IT professionals.

Read More