A new malware called BadBox is spreading terror in Europe. It has infected up to 30,000 Android devices in Germany, including digital photo frames, media players, and potentially smartphones and tablets. What sets this malware apart is that it did not spread through a lack of vigilance on the part of users, but was “already installed on the affected devices at the time of purchase”. Under these conditions, it is difficult for users to detect this malware, which only needs an Internet connection to start operating.
Many devices compromised by this malware
The German Federal Office for Information Security (BSI) specifies that, once connected, BadBox is able to discreetly create email and messaging accounts to spread false information. It is also capable of carrying out advertising fraud and generating fraudulent income by playing ads in the background. Worse still, the malware opens access to third parties, allowing them to use the victims’ Internet connection to carry out criminal activities such as cyberattacks or disseminating illegal content. Additionally, BadBox may download and install other malware.
The malicious actions are numerous, and so are the infected devices. The German cybersecurity agency specifies that all the devices concerned have in common that they run outdated Android versions. In this regard, Google reminded the BleepingComputer site that “the devices identified as infected were models not certified by Play Protect”. Without this certification, the firm behind Android is not able to provide sufficient security protection. The American giant invites users to opt for certified devices, with the Play Protect mention visible on the packaging.
Nevertheless, this episode reminds us that connected objects are particularly vulnerable. For years, specialists have been warning about the risk posed by devices classified as IoT. Unlike computers, smartphones or tablets, connected objects (watches, bracelets, glasses, televisions, household appliances, etc.) do not always benefit from the same monitoring. They can be easy targets for attackers, especially when they have vulnerabilities and no patches are deployed.
A solution is required: urgently disconnect an infected device!
“immediately disconnected from the Internet”. The German agency indicates that consumers are usually informed by their ISP and regrets not being able to provide a precise list. Indeed, targeted products are often sold under different names by manufacturers. “Unfortunately, malware on internet-connected products is not a rare phenomenon,” explains Claudia Plattner, president of the BSI behind the dismantling of BadBox. “Outdated firmware versions, in particular, pose a huge risk. We all have a duty in this regard: manufacturers and retailers have a responsibility to ensure that such devices are not placed on the market. But consumers can also do something: cybersecurity must be an important criterion when making a purchase!”
What should I do if in doubt?
The example concerns Germany, but Android botnets are not uncommon and the risk exists. In addition to calling on manufacturers and resellers to take responsibility for preventing the marketing of infected devices, the BSI encourages consumers to consider cybersecurity as an important criterion when purchasing. In addition to choosing a certified device manufacturer, it is appropriate to check the product's security features. Most often, risky products are low-cost devices sold by little-known brands.
After purchasing, please feel free to disconnect any suspicious device from the Internet and carry out the necessary checks. If possible, you can scan your device with an antivirus, delete and uninstall suspicious files and applications or carry out updates as soon as they are available. Remember to change your passwords if the affected device is connected to your accounts and to keep yourself informed regarding a possible infection.