Monday, December 16, 2024

BADBOX malware hits 30,000 Android devices - make sure you update now


  • BADBOX most likely originates from China
  • The malware can run ad fraud, residential proxies, and more malicious activity
  • The network was recently disrupted by German authorities

German authorities have managed to disrupt a major malware operation that affected thousands of Android devices across the country.

The Federal Office of Information Security (BSI) said BADBOX came preloaded on Android devices with older firmware, which were essentially sold as infected.

Some 30,000 devices across the country were compromised, the agency added, with digital picture frames, media players, and streaming devices being the most common endpoints - however, some smartphones and tablet devices were possibly infected as well.

Outdated Android devices

"What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware," the BSI said in a press release.

The agency outlined how BADBOX was capable of carrying out a number of malicious activities.

Mostly, it was built to silently create new accounts for email and message services, which were later used to spread fake news, misinformation, and propaganda, but BADBOX was also designed to open websites in the background, which would count as ad views - a practice generally perceived as ad fraud.

Furthemore, the malware was able to act as a residential proxy service, lending the traffic to malicious third parties for different illegal activities. Finally, BADBOX can be used as a loader, as well, dropping additional malware on the devices.

The operation was reportedly first documented by HUMAN’s Satori Threat Intelligence more than a year ago, and that it most likely originates from China. The same threat actors allegedly operate an ad fraud botnet called PEACHPIT, as well, designed to spoof popular Android and iOS apps, and its own traffic from the BADBOX network.

"This complete loop of ad fraud means they were making money from the fake ad impressions on their own fraudulent, spoofed apps," HUMAN said at the time. "Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware."

Via The Hacker News

You might also like



from TechRadar - All the latest technology news https://ift.tt/VwY91gj

No comments:

Post a Comment

Elon Musk’s xAI supercomputer gets 150MW power boost despite concerns over grid impact and local power stability

Elon Musk's xAI supercomputer gets power boost amid concerns 150MW approval raises questions about grid reliability in Tennessee Lo...