Not exactly the answer but if you have one of the affected mentioned devices it should be listening on TCP port 5555. You can do a port scan for that.
nmap -Pn 192.168.0.0/16 -p 5555
Replace netmask as appropriate.
Now that it's publicly known I guess it's possible that they will close the door post-infection to avoid detecton. And it won't detect any other devices it's spread further to.
If you have a cheapo Android-based TV box or stick like the ones mentioned, throw it out or reflash it with Armbian after forensics.
I'm sure there are HN readers out there who have one of these. They were very popular a couple of years back.
Now that it's publicly known I guess it's possible that they will close the door post-infection to avoid detecton. And it won't detect any other devices it's spread further to.
If you have a cheapo Android-based TV box or stick like the ones mentioned, throw it out or reflash it with Armbian after forensics.
I'm sure there are HN readers out there who have one of these. They were very popular a couple of years back.