At the beginning of the week, we revealed that 30,000 Android devices had been hacked in Germany. Pre-installed before the devices leave the factory, the Badbox malware is capable of orchestrating a myriad of malicious operations, ranging from data theft to ad fraud. Following a sting operation carried out by the German police, the virus was partly disrupted. However, law enforcement recommends that affected users disconnect their devices from the Internet.
Despite the police offensive, Badbox continues to grow. According to research by BitSight, the virus is still hiding within at least 192,000 Android devices worldwide. According to researcher Pedro Falé, who infiltrated one of the attackers' servers, Badbox is “still very much alive and widespread”. He also recorded “more than 160,000 unique IP addresses in 24 hours”.
A botnet that is growing
Current victims of the malware include 160,000 connected televisions and smartphones. These are two very specific models: the Yandex 4K QLED Smart TV, which is very popular in Russia, and the Hisense T963 phone. The number of devices falling under the control of Badbox is constantly increasing. Until recently, the Badbox botnet included no more than 75,000 victims.
As BitSight explains, the virus is now attacking devices that are not low-cost products sold by obscure Chinese brands. Indeed, “the affected models, numbered YNDX-00091 to YNDX-000102, are 4K smart TVs from a reputable brand, not just cheap Android TV boxes”.
“This is the first time a major brand Smart TV has been observed communicating at such volume with a BadBox command and control domain, expanding the list of affected devices beyond boxes, Android TV tablets and smartphones,” BitSight underlines in its report.
To get onto these connected televisions, the malware relies on supply chain attacks. At some point between the design and marketing of the device, a malicious employee or service provider installs the virus without the manufacturer's knowledge. As a result, the malware is already present on the device when the consumer turns it on for the first time. According to BitSight, “Cybercriminals are increasingly mastering the art of using global supply chains to spread their malware”.
A major criminal operation
The other devices under the control of the botnet are various Android devices, such as tablets or boxes. Badbox victims are now mainly found in Russia, China, India, Belarus, Brazil and Ukraine.
As a reminder, Badbox was spotted for the first time in 2023 on an Android TV box sold on Amazon. Research quickly showed that the virus is part of a “large-scale cybercriminal operation”, says BitSight.
Source: BitSight