The popularity of GLP-1 weight-loss medications continues to soar—and their uptake is helping to push down obesity rates on a national scale—but a safe, evidence-based way off the drugs isn’t yet in clear view.

An analysis published this week in JAMA Internal Medicine found that most participants in a clinical trial who were assigned to stop taking tirzepatide (Zepbound from Eli Lilly) not only regained significant amounts of the weight they had lost on the drug, but they also saw their cardiovascular and metabolic improvements slip away. Their blood pressure went back up, as did their cholesterol, hemoglobin A_1c (used to assess glucose control levels), and fasting insulin.

In an accompanying editorial, two medical experts at the University of Pittsburgh, Elizabeth Oczypok and Timothy Anderson, suggest that this new class of drugs should be rebranded from “weight loss” drugs to “weight management” drugs, which people may need to take indefinitely.

Some studies have found that about half of people who start taking a GLP-1 drug for weight loss stop taking it within a year—for various reasons—and many people think they can stop taking anti-obesity drugs once they’ve reached a desired weight, Oczypok and Anderson write. But that’s not in line with the data.

“It may be helpful to compare them to other chronic disease medications; patients do not stop their anti-hypertensive medications when their blood pressure is at goal,” they write.

In the trial, researchers—led by Eli Lilly scientists—followed 670 participants with obesity or overweight (but without diabetes) who were treated with tirzepatide for 36 weeks. Then the participants were split into either continuing with the drug for another 52 weeks (88 weeks total) or getting a placebo for that period of time. Both groups were told to continue a reduced-calorie diet and an exercise plan.

In all, 335 participants were randomized to switch to a placebo, and the researchers monitored changes in their weight and cardiovascular health metrics after the switch. Not everyone in the first phase of the trial lost significant amounts of weight on the drug. So, the researchers only closely tracked the 308 of the 335 who lost at least 10 percent of their body weight on the drug.

Of the 308 who benefited from tirzepatide, 254 (82 percent) regained at least 25 percent of the weight they had lost on the drug by week 88. Further, 177 (57 percent) regained at least 50 percent, and 74 (24 percent) regained at least 75 percent. Generally, the more weight people regained, the more their cardiovascular and metabolic health improvements reversed.

Data gaps and potential off-ramps

On the other hand, there were 54 participants of the 308 (17.5 percent) that didn’t regain a significant amount of weight (less than 25 percent.) This group saw some of their health metrics worsen on withdrawal of the drug, but not all— blood pressure increased a bit, but cholesterol didn’t go up significantly overall. About a dozen participants (4 percent of the 308) continued to lose weight after stopping the drug.

The researchers couldn’t figure out why these 54 participants fared so well; there were “no apparent differences” in demographic or clinical characteristics, they reported. It’s clear the topic requires further study.

But, overall, the study offers a gloomy outlook for patients hoping to avoid needing to take anti-obesity drugs for the foreseeable future.

Oczypok and Anderson highlight that the study involved an abrupt withdrawal from the drug. In contrast, many patients may be interested in slowly weaning off the drugs, stepping down dosage levels over time. So far, data on this strategy and the protocols to pull it off have little data behind them. It also might not be an option for patients who abruptly lose access or insurance coverage of the drugs. Other strategies for weaning off the drugs could involve ramping up physical activity or calorie restriction in anticipation of dropping the drugs, the experts note.

In addition to more data on potential GLP-1 off-ramps, the pair calls for more data on the effects of weight fluctuations from people going on and off the treatment. At least one study has found that the regained weight after intentional weight loss may end up being proportionally higher in fat mass, which could be harmful.

For now, Oczypok and Anderson say doctors should be cautious about talking with patients about these drugs and what the future could hold. “These results add to the body of evidence that clinicians and patients should approach starting [anti-obesity medications] as long-term therapies, just as they would medications for other chronic diseases.”

Read full article

Comments

Guest Commentary written by

Ellie Cohen

Ellie Cohen is CEO of The Climate Center, a California-based climate and energy policy nonprofit.

Governor Gavin Newsom stood before global leaders in Brazil recently at COP30, the annual United Nations climate conference, and introduced himself to the world as the new face of U.S. climate ambition. 

The scene raised a question back home in California: Why did Newsom recently veto climate solutions that would have made electricity cleaner and more affordable for Californians?

For decades, California has shown the world that states and regions can drive climate and economic progress, even when national governments lag. 

Now the world’s fourth-largest economy, our state has paired consistent cuts in emissions with sustained economic growth and set a standard for clean car rules that is copied worldwide. It also built the nation’s first economy-wide “Cap and Invest” program, the cap-and-trade energy credit program recently reformed and extended under Newsom’s watch.

Yet as the climate crisis escalates, even that legacy faces scrutiny. While Newsom was preparing for COP30, his administration was delaying or diluting key domestic reforms and quietly expanding in-state oil and gas drilling.

In Brazil, Newsom urged fellow Democrats to start framing climate as an affordability issue — of course, it is. This rhetoric earned him praise abroad. 

But Newsom has balked at several recent opportunities to address climate and cost-of-living challenges together. 

Just weeks ago, the governor vetoed three bipartisan bills that would have advanced virtual power plants, which are systems that deliver clean power back to the electrical grid during peak hours by aggregating power from devices many of us already have in our homes — such as smart thermostats, rooftop solar panels, home and electric vehicle batteries and electric heat pumps. 

Managing strain on the grid with virtual power plants helps avoid blackouts, reduces reliance on gas powered plants and saves electricity customers money on their utility bills, including those not participating in a virtual power plant program. 

One recent study predicted virtual power plants could save Californians up to $13.7 billion on electricity over the next five years. That is the kind of climate-forward and affordability-focused policy that California voters and global climate champions want. 

But all three bills were doomed because investor-owned utilities like PG&E continue to work against local-scale electricity solutions like virtual power plants, and they know they can count on Newsom as an ally.

It’s time for Newsom to start treating climate like a winning issue here in California — not just on the international stage in the lead-up to the 2028 presidential race. Investing in solutions like virtual power plants creates jobs, lowers electricity bills and builds resilience to wildfires and floods. 

Californians pay twice the national average for electricity and yet still endure frequent planned blackouts. We want solutions that work, protect our families and save money, and we want our governor to champion them.

Newsom is right to emphasize affordability as a pillar of climate progress, creating further contrast between himself and President Donald Trump. That’s good politics and good policy — but it’s also puzzling when his administration vetoes the most cost-effective clean energy solutions available today.

After his time in Brazil, Newsom needs more than rhetoric to cement his legacy as a true climate champion. In his final months as governor, he should advance policies that combat the climate crisis and provide economic relief to hardworking Californians. Here are two ways he can show the world how to tackle climate change while lowering the cost of living.

First, knock down state barriers to local, clean, affordable energy. Newsom must stop deferring to corporate utilities like PG&E and mobilize the state to support rooftop solar, virtual power plants and other clean, decentralized electricity solutions. 

Second, eliminate fossil fuel subsidies and make corporate polluters pay for climate disasters. California hands billions to the oil and gas industry while communities bear the costs of extreme weather and fossil fuel pollution. Making polluters pay their fair share would help finance the transition to a cleaner economy, improve public health and take the burden off taxpayers. 

These solutions can be replicated around the world. And, thanks to Newsom’s strong showing in Brazil, the world will be watching. 

The website tied to Argentinian President Javier Milei’s Viva La Libertad Project, which supposedly provided the utility case for the controversial LIBRA token, has been taken down while millions of dollars from LIBRA-connected wallets continue to move.

The Viva La Libertad Project site allowed small Argentinian businesses to apply for funding that would supposedly be raised via profits from the LIBRA token.

Milei publicly endorsed the token on February 18 and since then, its market capitalization has crashed 99%. The project is now mired in numerous lawsuits and links to corruption, with investigators working to discover exactly what happened and recoup victims’ funds.

Programmer Maximiliano Firtman noted that the Viva La Libertad site lasted nine months before its disappearance and suggests that the individuals running it have either intentionally shuttered it or are now no longer able to pay for Weglot, the third-party service keeping it online.

Read more: Hayden Davis sent millions in crypto weeks before LIBRA promo

He ruled out the possibility of a temporary server error, such as an SSL issue, causing the website’s demise, or the scenario where a prepaid plan might’ve run out. 

Firtman also claims that the form businesses used to apply for funding is still online, and that Hayden Davis, one of the individuals accused of orchestrating the LIBRA token, once knew how many people had applied.

This is despite the fact, Firtman says, that no one has claimed to be the administrator of the site during any legal proceedings.

LIBRA funds move as courts decide freezing order

Earlier this week, crypto analysts reported that a “Milei” multisig wallet started moving funds, including $9 million worth of SOL.

This crypto was converted into the stablecoin USDC and bridged to another blockchain. Blockworks analyst Fernando Molina says the funds are now sitting in a TRON wallet as USDT. 

This happened days after multiple wallets tied to LIBRA began to convert $61.5 million worth of  USDC into SOL. Burwick Law, a crypto law firm leading a US case on behalf of LIBRA victims, suspected these transactions were the “the ‘staging’ phase for anonymization,” and applied for a freezing order. 

The order is still being debated by both the defendants and plaintiffs and would prohibit the defendants from using anonymization-enhancing mechanisms to move the crypto.

A hearing has been scheduled today that should decide the outcome of the proposed order. 

Read more: Hayden Davis hit with asset freeze as LIBRA investigation deepens in Argentina

As for the LIBRA investigations in Argentina, this month an Argentine congressional committee released a final report into the scandal that called for Congress to evaluate whether Milei carried out misconduct within his office.  

It also advocated for criminal charges to be filed against various executive branch officials for refusing to cooperate with the investigation, including the country’s Minister of Justice, head of the Anti-Corruption Office, and the former head of the LIBRA investigation unit that was disbanded by Milei in May. 

An Argentinian judge has already ordered this month the freezing of property and financial assets belonging to Davis and two other cryptocurrency “intermediaries” tied to the LIBRA token.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

The post LIBRA website vanishes with millions in project funds on the move appeared first on Protos.

Long before the collapse in stock prices of crypto companies this year, executives protected themselves with spectacular paydays detailed in Securities and Exchange Commission (SEC) filings.

With lavish pay packages that paid out even during the horrible bear market, the fine print tells an entirely different tale than their public storytelling.

Consider the executive compensation package for David Bailey, Donald Trump ally and CEO of bitcoin (BTC) treasury company Nakamoto.

Despite its 98% stock price decline, Nakamoto filed exhibit 10.15 to its August 11 form 8-K in which it admitted to paying a company that Bailey controls, BTC Consulting LLC:

• A $250,000 signing bonus
• A monthly consulting fee of $58,333
• An initial grant of 5 million NAKA stock options
• $1 million in restricted stock units
• Eligibility for $2.1 million in annual cash-based incentive bonuses
• Free use of a private jet

Shares of NAKA, which closed at $14.28 on August 11, are now worth less than $0.45 apiece. Worse, Bailey has led the company since its all-time high of $34.77 in May — and remained in charge as shares collapsed 98.7%.

Read more: Could a hostile takeover be the end of the line for Nakamoto?

Michael Saylor keeps his billions no matter how low Strategy falls

As egregious as Bailey’s pay package is, it pales in comparison to the compensation of Michael Saylor, founder of the largest crypto company trading on US exchanges besides Coinbase.

Down 60% from a peak market capitalization of $124.7 billion on July 17 to $49 billion today, Saylor has still made billions of dollars personally from leading Strategy (formerly MicroStrategy).

Thanks mostly to a special type of Class B stock that grants him 10:1 voting rights, plus awards from his founder-friendly board of stock options and convertibles, Saylor’s personal net worth is probably north of $5 billion.

He’s kept those billions despite a 61% decline in the company’s common stock over the last 12 months.

Consider another example of Anthony Pompliano’s $400 million executive compensation package from ProCap. That payday sparked a hostile shareholder letter by Paul Glazer.

Shares of Columbus Circle Capital Corp. I, a SPAC that would have taken Pompliano’s ProCap public, briefly rallied above $16 in June on initial optimism about the podcaster and media influencer.

As shares fell back to their $10 pre-merger announcement, Glazer gobbled up a 7.7% stake and publicized his staunch objection to Pompliano’s proposal.

Indeed, Pompliano structured his compensation to exit with at least $50 million personally — even if the stock price halved from $10 to $5.

He even added a $10 million cash payout for himself for any early termination without cause.

Crash-proof compensation for crypto execs

Additional examples are plentiful. During the peak of the bubble in crypto treasury companies in May, DeFi Development Corporation agreed to pay CEO Joseph Onorati an annual salary of $574,000 plus a 200% bonus possibility if the company achieved ‘WAGMI Tier’ milestones.

WAGMI is a crypto acronym for “We’re All Gonna Make It.” His stock price is down 48% since that press release.

In 2024, Core Scientific increased CEO Adam Sullivan’s personal compensation to $41.9 million, a 47x increase from 2023.

Despite this staggering increase, the company’s stock price has stagnated in 2025, trading exactly flat year to date.

At Solana treasury company Upexi, CEO Allan Marshall’s personal salary is $840,000, plus a six-month restricted stock grant of 75,000 shares and extra warrants to purchase 500,000 shares at a $2.28 strike over five years.

Despite all of this supposed motivation, Upexi’s share price collapsed to less than the value of its Solana holdings.

Like Glazer’s activist opposition to Pompliano, some shareholders have realized that they can vote against these incredible pay packages. Already, shareholders of BTC mining companies have opposed 36% of recent executive pay proposals — an oppositional voting rate that is 29% higher than the S&P 500 average.

Got a tip? Send us an email securely via Protos Leaks. For more informed news, follow us on X, Bluesky, and Google News, or subscribe to our YouTube channel.

The post Top crypto execs cash in as stocks collapse appeared first on Protos.

On the surface, the Superbox media streaming devices for sale at retailers like BestBuy and Walmart may seem like a steal: They offer unlimited access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN and Hulu, all for a one-time fee of around $400. But security experts warn these TV boxes require intrusive software that forces the user’s network to relay Internet traffic for others, traffic that is often tied to cybercrime activity such as advertising fraud and account takeovers.

Superbox media streaming boxes for sale on Walmart.com.

Superbox bills itself as an affordable way for households to stream all of the television and movie content they could possibly want, without the hassle of monthly subscription fees — for a one-time payment of nearly $400.

“Tired of confusing cable bills and hidden fees?,” Superbox’s website asks in a recent blog post titled, “Cheap Cable TV for Low Income: Watch TV, No Monthly Bills.”

“Real cheap cable TV for low income solutions does exist,” the blog continues. “This guide breaks down the best alternatives to stop overpaying, from free over-the-air options to one-time purchase devices that eliminate monthly bills.”

Superbox claims that watching a stream of movies, TV shows, and sporting events won’t violate U.S. copyright law.

“SuperBox is just like any other Android TV box on the market, we can not control what software customers will use,” the company’s website maintains. “And you won’t encounter a law issue unless uploading, downloading, or broadcasting content to a large group.”

A blog post from the Superbox website.

There is nothing illegal about the sale or use of the Superbox itself, which can be used strictly as a way to stream content at providers where users already have a paid subscription. But that is not why people are shelling out $400 for these machines. The only way to watch those 2,200+ channels for free with a Superbox is to install several apps made for the device that enable them to stream this content.

Superbox’s homepage includes a prominent message stating the company does “not sell access to or preinstall any apps that bypass paywalls or provide access to unauthorized content.” The company explains that they merely provide the hardware, while customers choose which apps to install.

“We only sell the hardware device,” the notice states. “Customers must use official apps and licensed services; unauthorized use may violate copyright law.”

Superbox is technically correct here, except for maybe the part about how customers must use official apps and licensed services: Before the Superbox can stream those thousands of channels, users must configure the device to update itself, and the first step involves ripping out Google’s official Play store and replacing it with something called the “App Store” or “Blue TV Store.”

Superbox does this because the device does not use the official Google-certified Android TV system, and its apps will not load otherwise. Only after the Google Play store has been supplanted by this unofficial App Store do the various movie and video streaming apps that are built specifically for the Superbox appear available for download (again, outside of Google’s app ecosystem).

Experts say while these Android streaming boxes generally do what they advertise — enabling buyers to stream video content that would normally require a paid subscription — the apps that enable the streaming also ensnare the user’s Internet connection in a distributed residential proxy network that uses the devices to relay traffic from others.

Ashley is a senior solutions engineer at Censys, a cyber intelligence company that indexes Internet-connected devices, services and hosts. Ashley requested that only her first name be used in this story.

In a recent video interview, Ashley showed off several Superbox models that Censys was studying in the malware lab — including one purchased off the shelf at BestBuy.

“I’m sure a lot of people are thinking, ‘Hey, how bad could it be if it’s for sale at the big box stores?'” she said. “But the more I looked, things got weirder and weirder.”

Ashley said she found the Superbox devices immediately contacted a server at the Chinese instant messaging service Tencent QQ, as well as a residential proxy service called Grass IO.

GET GRASSED

Also known as getgrass[.]io, Grass says it is “a decentralized network that allows users to earn rewards by sharing their unused Internet bandwidth with AI labs and other companies.”

“Buyers seek unused internet bandwidth to access a more diverse range of IP addresses, which enables them to see certain websites from a retail perspective,” the Grass website explains. “By utilizing your unused internet bandwidth, they can conduct market research, or perform tasks like web scraping to train AI.” 

Reached via Twitter/X, Grass founder Andrej Radonjic told KrebsOnSecurity he’d never heard of a Superbox, and that Grass has no affiliation with the device maker.

“It looks like these boxes are distributing an unethical proxy network which people are using to try to take advantage of Grass,” Radonjic said. “The point of grass is to be an opt-in network. You download the grass app to monetize your unused bandwidth. There are tons of sketchy SDKs out there that hijack people’s bandwidth to help webscraping companies.”

Radonjic said Grass has implemented “a robust system to identify network abusers,” and that if it discovers anyone trying to misuse or circumvent its terms of service, the company takes steps to stop it and prevent those users from earning points or rewards.

Superbox’s parent company, Super Media Technology Company Ltd., lists its street address as a UPS store in Fountain Valley, Calif. The company did not respond to multiple inquiries.

According to this teardown by behindmlm.com, a blog that covers multi-level marketing (MLM) schemes, Grass’s compensation plan is built around “grass points,” which are earned through the use of the Grass app and through app usage by recruited affiliates. Affiliates can earn 5,000 grass points for clocking 100 hours usage of Grass’s app, but they must progress through ten affiliate tiers or ranks before they can redeem their grass points (presumably for some type of cryptocurrency). The 10th or “Titan” tier requires affiliates to accumulate a whopping 50 million grass points, or recruit at least 221 more affiliates.

Radonjic said Grass’s system has changed in recent months, and confirmed the company has a referral program where users can earn Grass Uptime Points by contributing their own bandwidth and/or by inviting other users to participate.

“Users are not required to participate in the referral program to earn Grass Uptime Points or to receive Grass Tokens,” Radonjic said. “Grass is in the process of phasing out the referral program and has introduced an updated Grass Points model.”

A review of the Terms and Conditions page for getgrass[.]io at the Wayback Machine shows Grass’s parent company has changed names at least five times in the course of its two-year existence. Searching the Wayback Machine on getgrass[.]io shows that in June 2023 Grass was owned by a company called Wynd Network. By March 2024, the owner was listed as Lower Tribeca Corp. in the Bahamas. By August 2024, Grass was controlled by a Half Space Labs Limited, and in November 2024 the company was owned by Grass OpCo (BVI) Ltd. Currently, the Grass website says its parent is just Grass OpCo Ltd (no BVI in the name).

Radonjic acknowledged that Grass has undergone “a handful of corporate clean-ups over the last couple of years,” but described them as administrative changes that had no operational impact. “These reflect normal early-stage restructuring as the project moved from initial development…into the current structure under the Grass Foundation,” he said.

UNBOXING

Censys’s Ashley said the phone home to China’s Tencent QQ instant messaging service was the first red flag with the Superbox devices she examined. She also discovered the streaming boxes included powerful network analysis and remote access tools, such as Tcpdump and Netcat.

“This thing DNS hijacked my router, did ARP poisoning to the point where things fall off the network so they can assume that IP, and attempted to bypass controls,” she said. “I have root on all of them now, and they actually have a folder called ‘secondstage.’ These devices also have Netcat and Tcpdump on them, and yet they are supposed to be streaming devices.”

A quick online search shows various Superbox models and many similar Android streaming devices for sale at a wide range of top retail destinations, including Amazon, BestBuy, Newegg, and Walmart. Newegg.com, for example, currently lists more than three dozen Superbox models. In all cases, the products are sold by third-party merchants on these platforms, but in many instances the fulfillment comes from the e-commerce platform itself.

“Newegg is pretty bad now with these devices,” Ashley said. “Ebay is the funniest, because they have Superbox in Spanish — the SuperCaja — which is very popular.”

Superbox devices for sale via Newegg.com.

Ashley said Amazon recently cracked down on Android streaming devices branded as Superbox, but that those listings can still be found under the more generic title “modem and router combo” (which may be slightly closer to the truth about the device’s behavior).

Superbox doesn’t advertise its products in the conventional sense. Rather, it seems to rely on lesser-known influencers on places like Youtube and TikTok to promote the devices. Meanwhile, Ashley said, Superbox pays those influencers 50 percent of the value of each device they sell.

“It’s weird to me because influencer marketing usually caps compensation at 15 percent, and it means they don’t care about the money,” she said. “This is about building their network.”

A TikTok influencer casually mentions and promotes Superbox while chatting with her followers over a glass of wine.

BADBOX

As plentiful as the Superbox is on e-commerce sites, it is just one brand in an ocean of no-name Android-based TV boxes available to consumers. While these devices generally do provide buyers with “free” streaming content, they also tend to include factory-installed malware or require the installation of third-party apps that engage the user’s Internet address in advertising fraud.

In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud. Google said the BADBOX 2.0 botnet, in addition to compromising multiple types of devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces.

Some of the unofficial Android devices flagged by Google as part of the Badbox 2.0 botnet are still widely for sale at major e-commerce vendors. Image: Google.

Several of the Android streaming devices flagged in Google’s lawsuit are still for sale on top U.S. retail sites. For example, searching for the “X88Pro 10” and the “T95” Android streaming boxes finds both continue to be peddled by Amazon sellers.

Google’s lawsuit came on the heels of a June 2025 advisory from the Federal Bureau of Investigation (FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malicious software prior to the user’s purchase, or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process.

“Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity,” the FBI said.

The FBI said BADBOX 2.0 was discovered after the original BADBOX campaign was disrupted in 2024. The original BADBOX was identified in 2023, and primarily consisted of Android operating system devices that were compromised with backdoor malware prior to purchase.

Riley Kilmer is founder of Spur, a company that tracks residential proxy networks. Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network.

Kilmer and others say IPidea is merely a rebrand of 911S5 Proxy, a China-based proxy provider sanctioned last year by the U.S. Department of the Treasury for operating a botnet that helped criminals steal billions of dollars from financial institutions, credit card issuers, and federal lending programs (the U.S. Department of Justice also arrested the alleged owner of 911S5).

How are most IPidea customers using the proxy service? According to the proxy detection service Synthient, six of the top ten destinations for IPidea proxies involved traffic that has been linked to either ad fraud or credential stuffing (account takeover attempts).

Kilmer said companies like Grass are probably being truthful when they say that some of their customers are companies performing web scraping to train artificial intelligence efforts, because a great deal of content scraping which ultimately benefits AI companies is now leveraging these proxy networks to further obfuscate their aggressive data-slurping activity. By routing this unwelcome traffic through residential IP addresses, Kilmer said, content scraping firms can make it far trickier to filter out.

“Web crawling and scraping has always been a thing, but AI made it like a commodity, data that had to be collected,” Kilmer told KrebsOnSecurity. “Everybody wanted to monetize their own data pots, and how they monetize that is different across the board.”

SOME FRIENDLY ADVICE

Products like Superbox are drawing increased interest from consumers as more popular network television shows and sportscasts migrate to subscription streaming services, and as people begin to realize they’re spending as much or more on streaming services than they previously paid for cable or satellite TV.

These streaming devices from no-name technology vendors are another example of the maxim, “If something is free, you are the product,” meaning the company is making money by selling access to and/or information about its users and their data.

Superbox owners might counter, “Free? I paid $400 for that device!” But remember: Just because you paid a lot for something doesn’t mean you are done paying for it, or that somehow you are the only one who might be worse off from the transaction.

It may be that many Superbox customers don’t care if someone uses their Internet connection to tunnel traffic for ad fraud and account takeovers; for them, it beats paying for multiple streaming services each month. My guess, however, is that quite a few people who buy (or are gifted) these products have little understanding of the bargain they’re making when they plug them into an Internet router.

Superbox performs some serious linguistic gymnastics to claim its products don’t violate copyright laws, and that its customers alone are responsible for understanding and observing any local laws on the matter. However, buyer beware: If you’re a resident of the United States, you should know that using these devices for unauthorized streaming violates the Digital Millennium Copyright Act (DMCA), and can incur legal action, fines, and potential warnings and/or suspension of service by your Internet service provider.

According to the FBI, there are several signs to look for that may indicate a streaming device you own is malicious, including:

-The presence of suspicious marketplaces where apps are downloaded.
-Requiring Google Play Protect settings to be disabled.
-Generic TV streaming devices advertised as unlocked or capable of accessing free content.
-IoT devices advertised from unrecognizable brands.
-Android devices that are not Play Protect certified.
-Unexplained or suspicious Internet traffic.

This explainer from the Electronic Frontier Foundation delves a bit deeper into each of the potential symptoms listed above.