A virus has been discovered within 30,000 Android devices located in Germany. According to the press release from the German Federal Office for Information Technology Security, malware called BadBox was slipped into the code of the devices before they left the factory.
Data theft and ad fraud
According to investigators, the malware was pre-installed so that it could compromise devices once they were connected to the Internet. Once the connection is established, Badbox is able to steal data or install other malware. Worse, the virus allows cybercriminals to compromise the network to which the compromised device is connected.
According to German police, Badbox is also able to vacuum up two-factor authentication codes or orchestrate advertising fraud. To generate fraudulent revenue, hackers programmed the virus to serve advertisements in the background. This tactic earns scammers money, but degrades the device’s performance. Finally, the virus allows compromised terminals to be added to a botnet, a network of hacked devices. These can be used to carry out other cyberattacks, such as DDoS attacks.
Different types of compromised devices
Infected devices include digital photo frames, media players, various streaming devices, tablets and smartphones.
After identifying the virus, law enforcement did everything possible to block Badbox. The German cybersecurity agency announced that it had successfully intercepted communications between infected devices and cybercriminals. They managed to redirect all malware traffic to servers controlled by law enforcement. This tactic pulled the rug out from under the hackers. There is no longer any “acute danger for these devices”, the police indicate.
Google and Play Protect
All affected devices were running outdated versions of Android and did not have protections from Google. In a statement to Bleeping Computer, Google also specifies that “the devices identified as infected were models not certified by Play Protect”.
“When a device is not Play Protect certified, Google does not have a record of security and compatibility testing results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety,” says Google.
This is not the first time that Google has set the record straight following the discovery of a virus pre-installed on Android devices. As always, Google recommends sticking to certified device manufacturers. A Play Protect sticker is normally visible on the box. In the case of TV boxes, Google recommends consulting, on its official website, the list of boxes sold by its partners and running Android TV.
A device to disconnect urgently
Not surprisingly, all owners of an affected device will be promptly notified by their ISP. The devices must be “immediately disconnected from the Internet” and users must get rid of them as quickly as possible. As the German agency indicates, all software installed on the device is suspicious and potentially malicious.
German police believe it is likely that other Badbox-infected devices are still out there. All devices connected to the Internet, such as smartphones, security cameras or speakers, are at risk. This is especially the case for low-cost devices purchased from little-known brands. Some brands outsource the development of part of the software for their operating systems. These untrustworthy providers often exploit this collaboration to generate additional revenue, by slipping in fraudulent software.
Viruses pre-installed after design, and before being placed on the market, are “unfortunately not a rare phenomenon”, regrets Claudia Plattner, president of the German agency behind the dismantling of Badbox. A few months ago, a virus was discovered in the code of 1.3 million Android boxes sold around the world.
Source: BSI