Is this AliExpress Ethernet Adapter Infected with Malware?
Key Points of the YouTube Video Analysis of an AliExpress Ethernet Driver:
- Initial suspicion: An open-source intelligence (OSINT) researcher who focuses on China flagged the driver shipped with an AliExpress USB Ethernet adapter as potentially malicious, citing the Hybrid Analysis report, and in particular the driver's lookups of VMware registry keys. Sandboxes score such lookups because malware uses them to detect that it is running in an analysis VM and go quiet. Many, the YouTuber included, were initially skeptical, since sandbox and antivirus scores are noisy and false positives are common.
- Investigation methodology: The YouTuber submitted the files to Hybrid Analysis and VirusTotal and reverse-engineered both the driver and the installer, primarily in Ghidra, to establish what each component actually does.
- Driver analysis findings: The driver is benign. The "VMware registry key" hit is a false positive: the lookup is ordinary driver boilerplate, not an anti-analysis check. The driver does what a USB Ethernet driver should, talking to the network and USB stacks, and shows no malicious code, obfuscation, or anti-analysis techniques. The other red flags raised by security tools were likewise explained by normal driver behavior or boilerplate code.
- Installer analysis findings: The installer is simple and does little beyond launching the driver installation; it shows no malicious behavior. Its lack of a code signature accounts for some of the security flags, but on its own that is not evidence of malicious intent, particularly since the driver it installs is signed.
- Overall conclusion: The YouTuber concludes that this specific AliExpress Ethernet driver is harmless. Malicious drivers or hardware from AliExpress (or any other vendor) remain possible in the future, but this case was a false alarm produced by an over-sensitive sandbox heuristic. The video also raises concerns about the build quality of the hardware, which is a separate question from the driver's safety.