
Infected Android TV Box in my network


13 replies to this topic

#1 Andre_Castillo14

  • Members
  • 134 posts
  • Gender:Male

Posted 29 January 2024 - 02:53 AM

Hello, I'm currently running into a dilemma with my family suddenly hooking up an IPTV Android TV Box (MXQ Pro 5G, which I've seen around the internet as heavily infected) to our home network. Luckily, most of my stuff wasn't hooked to the internet at the time (except for my PS5 which was in rest mode downloading a system update). They had someone set it up (which is why they were asking me for the wifi password), and when I checked it out, its name rang a bell from my memory from articles I read recently. The person setting it up was downplaying my concern as he's been using one for years to watch US shows, but at that point the box was already connected. I was able to convince him to take the device away but the damage may already be done.
 
At this point, I'm extremely worried that everything I'll connect to my wifi router could get infected (my family isn't worried as they never experienced the consequences of a virus/malware infection like I have). 
 
What should be my course of action? I already blocked the box from ever connecting to all my routers. I don't think my devices need a factory reset or a scan (as they weren't connected at the time, except for the PS5) (but I'll have this device I'm typing on with a scan) but what about the others' connected devices in the household (they're hostile to any form of suggestions that would potentially lose them files)? I would prefer to perform a factory reset on all routers in the house but they're a huge hassle to re-set up again with how bad things got the last time I did so, and the one who initially set it up was an actual professional, so I might make it worse, therefore I'm thinking about just purchasing new routers instead.
 
What are the chances devices could get infected by the TV box even though it's not present anymore? Does it actually infect and creep to other devices or does it download the payload only to itself and leave other devices alone while it goes about being malicious? Am I just being paranoid?




#2 Dominique1

  • Members
  • 841 posts
  • Gender:Not Telling

Posted 29 January 2024 - 03:28 PM

I'd say change what you can change, and isolate devices you can't change.  Infecting a router is unlikely if its firmware is up to date.  And if a router has been infected, resetting it will do nothing as the vulnerability is still in the router's firmware.  As for people, if they are not open to the concept of cyberattacks, let them live in their pink glasses world.  You can't force them unfortunately. (You can always drop hints from time to time like, what would you do if you lost this project of yours, disk crash, whatever? :devil: )

Adding a router to isolate your local sub-network from the Internet (and your family) is a good idea.  Change your WiFi password again if a device you don't trust knows it. For your PCs, make sure you have an anti-malware software running.  For your game consoles, make sure their firmware is up to date.  For your data, make sure that it's backed up to a device that you keep disconnected when not used.

Remember that threats can come from anywhere, not just an (absent) TV Box.  It could even come from you by inattention, so just stay alert.


Edited by Dominique1, 29 January 2024 - 04:06 PM.


#3 Andre_Castillo14


Posted 29 January 2024 - 07:43 PM

> I'd say change what you can change, and isolate devices you can't change.  Infecting a router is unlikely if its firmware is up to date.  And if a router has been infected, resetting it will do nothing as the vulnerability is still in the router's firmware.  As for people, if they are not open to the concept of cyberattacks, let them live in their pink glasses world.  You can't force them unfortunately. (You can always drop hints from time to time like, what would you do if you lost this project of yours, disk crash, whatever? :devil: )
>
> Adding a router to isolate your local sub-network from the Internet (and your family) is a good idea.  Change your WiFi password again if a device you don't trust knows it. For your PCs, make sure you have an anti-malware software running.  For your game consoles, make sure their firmware is up to date.  For your data, make sure that it's backed up to a device that you keep disconnected when not used.
>
> Remember that threats can come from anywhere, not just an (absent) TV Box.  It could even come from you by inattention, so just stay alert.

My router is routed through a switch, would connecting to the switch -instead of my wifi router- count as being isolated? My (presumably infected) router gets internet access through that switch, which is where my game console is primarily connected to, and with the TV Box incident, I'm planning on plugging my Windows 10 Laptop there for the meantime as well. Would that be considered isolated and safe to do? I'm also now planning on replacing my router (the one connected to by the TV Box) but if I do, is it safe to just get rid of the router the device connected directly to or am I replacing the entire setup (my setup is already kind of ancient, so a full replacement is alright with me but won't be happening soon).

I apologize if my response is all over the place, I'm still reeling from the infection that forced me to Clean Install my laptop.

Edited by Andre_Castillo14, 29 January 2024 - 07:49 PM.


#4 Dominique1


Posted 29 January 2024 - 09:04 PM

A switch is just a way to bind cables together.  It doesn't provide any device isolation.  A router has security features.  A topology you may be interested with would be:

 

Internet

ISP Router/Modem (with the local family network and WiFi)

Family switch

Family PC

Family TV

Your Router (your local sub-network with your WiFi)

Your PC

Your game console

 

In the above graph, devices on the same level are all connected together, and to the device above.  In your router, you can set its firewall to isolate your sub-network from your family's network.
 


Edited by Dominique1, 29 January 2024 - 09:13 PM.


#5 Dill2046

  • Members
  • 29 posts
  • Gender:Not Telling

Posted 29 January 2024 - 09:05 PM

It's good to be paranoid with securities, so that you will research what could be impacted.

 

From the description of the malware on the Internet, the malicious TV box seems to be used as a proxy within your network to create accounts, provide bot services, and cryptomine; they don't mention infecting other devices specifically. 

 

With just that, I am somehow doubtful that the routers and mobile devices would be immediately infected.  I would think about changing the password for the router (in case you logged into the router when the TV was connected), and scanning devices that provide services, especially file servers, on your network for infections.

 

New routers now provide WPA3 encryption and Guest/IOT network isolation.  You may want to investigate utilizing those too.


Edited by Dill2046, 29 January 2024 - 09:06 PM.


#6 Andre_Castillo14


Posted 29 January 2024 - 09:58 PM

> A switch is just a way to bind cables together.  It doesn't provide any device isolation.  A router has security features.  A topology you may be interested with would be:
>
> Internet
> ISP Router/Modem (with the local family network and WiFi)
> Family switch
> Family PC
> Family TV
> Your Router (your local sub-network with your WiFi)
> Your PC
> Your game console
>
> In the above graph, devices on the same level are all connected together, and to the device above.  In your router, you can set its firewall to isolate your sub-network from your family's network.

I had a different thought about how switches work. Thank you for the clarification.

I forgot to mention another detail, my network has 2 routers chained one to the other by a switch. My network setup is similar to the topology you shared, except about what devices are connected to where. Everyone is connected to my router [Router2], while my game console (and sometimes, laptop) is connected to [Switch], which itself connects to [Router1]

Basically like this: [ISP Modem/Router] < [Router1] < [Switch] < [Router2].

Would it be safe to say that [Router1] and/or the [Switch] is isolated from [Router2]?

#7 Andre_Castillo14


Posted 29 January 2024 - 10:04 PM

> It's good to be paranoid with securities, so that you will research what could be impacted.
>
> From the description of the malware on the Internet, the malicious TV box seems to be used as a proxy within your network to create accounts, provide bot services, and cryptomine; they don't mention infecting other devices specifically.
>
> With just that, I am somehow doubtful that the routers and mobile devices would be immediately infected.  I would think about changing the password for the router (in case you logged into the router when the TV was connected), and scanning devices that provide services, especially file servers, on your network for infections.
>
> New routers now provide WPA3 encryption and Guest/IOT network isolation.  You may want to investigate utilizing those too.

The "infecting to other devices" part is what worries me the most. Likewise, I don't see any mention of it anywhere but because it did end up on my network, I'm just taking extra precaution. But I guess that relieved some concern I have. I'm currently thinking about investing in newer routers that have some sort of network isolation feature.

Quick question though: Does a router with Guest network feature offer true isolation despite being run on the same router? Or would it be better to have another physical device for visitors to access?

Edited by Andre_Castillo14, 29 January 2024 - 10:19 PM.


#8 Dominique1


Posted 29 January 2024 - 10:16 PM

> Basically like this: [ISP Modem/Router] < [Router1] < [Switch] < [Router2].
> Would it be safe to say that [Router1] and/or the [Switch] is isolated from [Router2]?


No, it's the other way around, [Router2]<Devices are isolated from [Router1]<[Switch]. That is [Router1] and [Router1]<Devices can't access [Router2]<Devices unless you open up the [Router2's firewall].

Edited by Dominique1, 29 January 2024 - 10:18 PM.
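
Added illustration (not part of any poster's reply): a small Python model of the [ISP Modem/Router] < [Router1] < [Switch] < [Router2] chain, showing that the isolation described above runs in one direction only. It assumes every router uses consumer-default NAT/firewall behaviour; the device names, and the placement of the TV box on [Router2], are assumptions taken from the thread's description.

```python
# Added illustration, not from the thread. Assumption: every router runs
# consumer defaults (NAT + firewall): LAN hosts may open connections out through
# the WAN port; unsolicited traffic arriving on the WAN port is dropped.
# A switch is transparent, so hosts on [Switch] simply sit on Router1's LAN.

UPLINK = {"ISP": None, "Router1": "ISP", "Router2": "Router1"}  # router -> router above

# Device -> router whose LAN it is on (placement per the thread; names are hypothetical).
DEVICE_LAN = {
    "game_console": "Router1",   # wired to [Switch]
    "laptop": "Router1",         # wired to [Switch]
    "family_phone": "Router2",
    "tv_box": "Router2",
}


def upstream_lans(router):
    """The router's own LAN plus every LAN above it, nearest first."""
    chain = []
    while router is not None:
        chain.append(router)
        router = UPLINK[router]
    return chain


def can_initiate(src, dst, forwards=frozenset()):
    """True if src can open a connection to dst.

    forwards: set of (router, device) inbound rules the owner opened by hand.
    """
    if src == dst:
        return False
    visible = upstream_lans(DEVICE_LAN[src])
    # Walk up from dst: each router crossed before reaching a LAN that src
    # can see is a WAN-side firewall that needs an explicit forward.
    for router in upstream_lans(DEVICE_LAN[dst]):
        if router in visible:
            return True
        if (router, dst) not in forwards:
            return False
    return False


def exposure(dst, forwards=frozenset()):
    """Devices that can open a connection to dst, sorted."""
    return sorted(d for d in DEVICE_LAN if can_initiate(d, dst, forwards))


if __name__ == "__main__":
    for device in DEVICE_LAN:
        print(f"{device:13} reachable from: {exposure(device)}")
```

In this model the console on [Switch] is reachable from everything behind [Router2], while nothing on [Switch] can reach the [Router2] devices unless a forward is opened on [Router2].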


#9 Andre_Castillo14


Posted 29 January 2024 - 10:27 PM

>> Basically like this: [ISP Modem/Router] < [Router1] < [Switch] < [Router2].
>> Would it be safe to say that [Router1] and/or the [Switch] is isolated from [Router2]?
>
> No, it's the other way around, [Router2]<Devices are isolated from [Router1]<[Switch]. That is [Router1] and [Router1]<Devices can't access [Router2]<Devices unless you open up the [Router2's firewall].

I understand it better now, thank you for the clarification and input.

#10 Dominique1


Posted 29 January 2024 - 10:36 PM

> Quick question though: Does a router with Guest network feature offer true isolation despite being run on the same router?


A guest network is a way for a router to apply a different set of rules on two local networks (LAN), for example parental control, but I guess it might have fewer configuration options compared to having two distinct routers. For further details, one must select a specific router model and study its User's Manual.

Edited by Dominique1, 29 January 2024 - 10:39 PM.


#11 Andre_Castillo14


Posted 29 January 2024 - 10:54 PM

>> Quick question though: Does a router with Guest network feature offer true isolation despite being run on the same router?
>
> A guest network is a way for a router to apply a different set of rules on two local networks (LAN), for example parental control, but I guess it might have fewer configuration options compared to having two distinct routers. For further details, one must select a specific router model and study its User's Manual.

I'll keep that in mind when I start browsing for such routers. I doubt switches need to be replaced, right?

#12 Dominique1


Posted 29 January 2024 - 11:01 PM

> I doubt switches need to be replaced, right?


Right! Only if you need more cable connectors.

#13 Andre_Castillo14


Posted 30 January 2024 - 07:19 PM

>> Quick question though: Does a router with Guest network feature offer true isolation despite being run on the same router?
>
> A guest network is a way for a router to apply a different set of rules on two local networks (LAN), for example parental control, but I guess it might have fewer configuration options compared to having two distinct routers. For further details, one must select a specific router model and study its User's Manual.

Just another question: How do routers with Guest network interact with devices on a wired connection? I'm planning on getting a router with Guest network feature now: my devices on, let's say, the first (and private) access point and everyone else on the "guest" access point. But I only just realized: how would the router treat a wired connection? Does the router put wired connections on the non-guest network? Is it isolated from the Guest network?

#14 Dominique1


Posted 30 January 2024 - 11:58 PM

No idea without a specific router model as that answer will be found in the User's manual.





