Badbox Operation Targets Android Devices in Fraud Schemes

  /     /     /  
Publicated : 23/11/2024   Category : security


Badbox Operation Targets Android Devices in Fraud Schemes


Researchers believe that more than 70,000 Android devices may have been affected with preloaded Peachpit malware that was installed on the electronics before being sold at market.



After a researcher discovered that an Android-based TV streaming box, known as T95, was infected with preloaded malware, researchers at Human Security released information regarding the extent of infected devices and how malicious schemes are connected to these corrupted products. 
Daniel Milisic, a systems security consultant, created a script alongside instructions to help other users mitigate the threat after first coming across the issue. Now, Human Securitys threat intelligence and research team has dubbed the operation Badbox, which it characterizes as a complex, interconnected series of ad fraud schemes on a massive scale.
Human Security describes the operation as a global network of consumer products with firmware backdoors installed and sold through a normal hardware supply chain. Once activated, the malware on the devices connect to a command-and-control (C2) server for further instructions. In tandem, a botnet known as Peachpit is integrated with Badbox, and engages in ad fraud, residential proxy services, fake email/messaging accounts, and unauthorized remote code installation.
According to the researchers at Human Security, 200 different models of
Android devices are potentially affected
, and at least 74,000
Android devices
globally are potentially impacted by the Badbox infection. Eight different types of devices have backdoors installed: seven Android-based TV boxes — T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G — and an Android tablet, J5-W. The devices are
made in China
and somewhere along their supply chain, a firmware backdoor gets implemented on the devices.
The infected devices are from the Android Open Source Project (AOSP), meaning that anyone can modify the code, according to a Google spokesperson; they are not built on the official 
Android TV
 operating system for smart TVs and streaming devices, which is proprietary and open only to Google and its licensed partners for code modification. The off-brand devices discovered to be BADBOX-infected were not 
Play Protect certified Android devices
. If a device isnt Play Protect certified, Google doesnt have a record of security and compatibility test results. 
Googles spokesperson adds, Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our 
Android TV website
provides the most up-to-date list of partners. You can also take 
these steps
 to check if your device is Play Protect certified.
Human Security recommends that users avoid off-brand devices and be wary of clone apps that could potentially infect their device. In addition, users should consider restoring factory settings if a device is behaving oddly.
While the disruption of Bandbox is a victory for the cybersecurity community, research must continue into the supply chain that allowed the threat to develop in the first place, Human Security said
in its report
, and added that other threat actors are poised to fill the vacuum.

Last News

▸ Website hacks happened during World Cup final. ◂
Discovered: 23/12/2024
Category: security

▸ Criminal Possession of Government-Grade Stealth Malware ◂
Discovered: 23/12/2024
Category: security

▸ Senate wants changes to cybercrime law. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Badbox Operation Targets Android Devices in Fraud Schemes