Most security advice focuses on what you do. Less attention goes to what the other people on your network are doing, or what their devices are doing without them even knowing it.

This is the uncomfortable reality of shared networks. And recent discoveries involving everyday consumer electronics make it a lot more concrete.

The $400 streaming box that joins a botnet

This is a US example, but the message remains the same.

The Superbox is a media streaming device you can buy in the US at Best Buy, Walmart, or Amazon for around $400. The pitch: unlimited free access to thousands of streaming channels and pay-per-view content.

The reality: the moment you plug it in, it contacts a Chinese server. Out of the box, it comes loaded with Netcat and tcpdump, tools used for network analysis and remote access. These aren't user features. They're tools for whoever is on the other end.

Once connected to your network, the Superbox starts performing DNS hijacking and ARP poisoning.
In plain English: it impersonates other devices on your network, intercepts their traffic, and routes it through itself. Your laptop and your phone: all fair game if they're on the same network.
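
A defensive check for the ARP poisoning described above, as an added example that is not part of the original article: it parses Linux `ip neigh show` output and flags one MAC address answering for several IPv4 addresses, or a gateway whose MAC differs from a recorded baseline. The sample tables, addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed samples of Linux `ip neigh show` output (not captured from a real network).
CLEAN = """\
192.168.1.1 dev wlan0 lladdr 02:00:00:aa:bb:01 REACHABLE
192.168.1.20 dev wlan0 lladdr 02:00:00:aa:bb:20 STALE
192.168.1.35 dev wlan0 lladdr 02:00:00:aa:bb:35 REACHABLE
192.168.1.77 dev wlan0 FAILED
fe80::1 dev wlan0 lladdr 02:00:00:aa:bb:01 router STALE
"""
# Same network after the device at .35 starts answering for the gateway address.
POISONED = CLEAN.replace("192.168.1.1 dev wlan0 lladdr 02:00:00:aa:bb:01",
                         "192.168.1.1 dev wlan0 lladdr 02:00:00:aa:bb:35")

# IPv4 entries with a resolved MAC only; ARP is IPv4, so IPv6 (NDP) lines are skipped.
NEIGH_RE = re.compile(
    r"^(\d{1,3}(?:\.\d{1,3}){3}) dev \S+ lladdr ([0-9a-fA-F:]{17})\b")

def parse_neigh(text):
    """Return {ip: mac} for IPv4 neighbours that have a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2).lower()
    return table

def check_arp(text, gateway_ip, known_gateway_mac=None):
    """Return (severity, message) findings that suggest ARP spoofing."""
    table = parse_neigh(text)
    by_mac = defaultdict(list)
    for ip, mac in table.items():
        by_mac[mac].append(ip)
    findings = []
    for mac, ips in sorted(by_mac.items()):
        if len(ips) > 1:
            # One MAC for several IPs can be legitimate (some routers, proxy ARP),
            # so it is only "high" when the gateway address is one of them.
            sev = "high" if gateway_ip in ips else "review"
            findings.append((sev, f"{mac} answers for {', '.join(sorted(ips))}"))
    seen = table.get(gateway_ip)
    if known_gateway_mac and seen and seen != known_gateway_mac.lower():
        findings.append(("high", f"gateway {gateway_ip} is at {seen}, "
                                 f"expected {known_gateway_mac.lower()}"))
    return findings

if __name__ == "__main__":
    for finding in check_arp(POISONED, "192.168.1.1", "02:00:00:aa:bb:01"):
        print(*finding)
```

Record the gateway's MAC once from a network state you trust (for example, from the label on the router) and pass it as the baseline on later runs.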

These devices have been linked to botnets used in cybercrime, and authorities have flagged them. But they're still being sold.

It gets worse: the PC that comes pre-infected

If the Superbox is a Trojan horse, the AceMagic mini-PC is a Trojan horse that's already inside the walls.

Recent batches of these mini-PCs were shipped to consumers with factory-installed malware. Specifically: the Bladabindi backdoor and the Redline infostealer, tools designed to log keystrokes and steal saved passwords from browsers.

The kicker: the malware was embedded in the Windows recovery partition. Wiping the machine and doing a full reset doesn't fix it. The malware reinstalls itself. The only way to clean the machine is to know it's compromised in the first place.

These are not obscure grey-market devices. They're sold on Amazon, Bol and other e-shops, marketed as productivity tools.

Danger is lurking, closer than you think

Home networks feel different, right?
You know your router password.
You know your devices.
But do you know every device your partner, your kids, or your housemates have connected?

A cheap smart TV. A media player. An off-brand mini-PC bought as a secondary machine. Any of these could be doing the same kind of network snooping. And if you work from home on the same network, your work traffic shares that environment.

The uncomfortable principle you should follow is called Zero Trust: you never fully trust a network, even one you control, because you can't fully control every device on it.

What to actually do

Don't get paranoid. A few deliberate habits get you a long way:

  • Treat all public networks as hostile. Hotel, airport, café, etc. Assume the network is actively monitored. No exceptions.
    Most current mobile data plans have very high limits, so switch to your 5G mobile connection instead.
  • Use a VPN when working outside your home. Encrypt your traffic and shield it from local network snooping. Cloudflare's WARP is free and does the job.
  • Vet what you connect at home. Be sceptical of cheap smart devices, streaming boxes, and off-brand electronics. Especially anything offering expensive content for free. If it's too good to be true, you're paying with your network data.
  • Put IoT and media devices on a separate network. Most modern routers support guest networks or VLANs. Use them. Your work laptop doesn't need to share a network with your TV.

The bottom line

The goal isn't to be afraid of every device. It's to stop trusting networks by default.

Security hygiene usually focuses on passwords, phishing, and software updates.
Those matter, for sure.
But the network layer is where assumptions quietly get exploited. A compromised device doesn't need your password if it can sit between you and the server you're talking to.

Zero Trust isn't a product or a configuration.

It's a mindset: the network is not safe. Protect yourself.

The Superbox case study in this article draws on original research by security researcher D3ada55, as reported in Darknet Diaries, Episode 172: "SuperBox" (Jack Rhysider, April 2026). The full episode, including interview and transcript, is available at darknetdiaries.com/episode/172. Additional coverage from Brian Krebs (Krebs on Security) and the FBI's June 2025 PSA on compromised IoT devices corroborate the findings described.