Is your Android TV streaming box part of a botnet?

Don't love the scare title, but particularly don't love the inclusion of "Android TV," which has gone back-and-forth with "Google TV" as the brand name for Google's smart TV experience. (Even Wikipedia has a hard time following the chronology: https://en.wikipedia.org/wiki/Google_TV_(operating_system), https://en.wikipedia.org/wiki/Android_TV#Google_TV_interface)

The title makes it sound like the TV you bought at Best Buy might be part of a botnet. The article is about some drop-shipped piracy-box.

I'd expect pirate TV stuff to be mainly available through mail order, it's surprising you can buy it off the shelf at big box stores like Best Buy. I wonder how they weighed the income they'd get from stocking pirate TV boxes vs. how it would negatively impact their relationships with TV and streaming providers.

Trusting a random vendor, even on your home network, seems crazy. But how do you secure a home network? Are we all supposed to be running Nagios, Grafana, Splunk, and have a personal CISO?

Is there some software I can run on my OpenWrt to detect suspicious traffic?

I guess the big problem here is analysis, because a modern home network moves a massive amount of traffic, to many endpoints.

At the very least it seems critical to treat such android devices as a hostile device on a segmented network (Guest network, or dedicated IoT Network).