Last year, Badbox, a massive botnet, was targeted by several government operations. These operations resulted in the malware being removed from over 30,000 Android devices. The botnet quickly returned in the form of Badbox 2.0, which infected over 150,000 devices before spreading to a million Android devices.
Millions of victims
According to the FBI's investigation, the botnet continues to grow steadily. The agency reports that Badbox now consists of "millions of infected devices" worldwide. To expand their botnet, hackers infect "devices either before purchase, by installing malware, or afterward, when a user downloads compromised apps during setup." In other words, Badbox spreads both before devices leave the factory, with the help of unscrupulous developers, and through infected apps. It is therefore important not to download suspicious apps from the web. Stick to apps from well-known developers on reputable platforms, like the Play Store.
Ad Fraud, Data Theft, and Proxy
Cybercriminals leave backdoors on infected devices. These backdoors guarantee persistent access to the device and allow other hackers to use the victims' home internet connection without their consent. This trick helps them hide and camouflage their criminal activities. In this case, the hacked device serves as a proxy.
According to the FBI, devices controlled by Badbox can also be used for ad fraud. Specifically, hackers will order compromised devices to load ads in the background. The virus can then simulate clicks, which quickly generates advertising revenue.
Finally, hackers take advantage of this access to collect a wealth of personal data, including login details. They use the credentials to log into their victims' online accounts.
Badbox Targets
Badbox's targets include Chinese smart TVs, TV boxes, tablets, projectors, and other connected devices. The virus almost exclusively affects low-cost devices. It can also be found on "generic TV streaming devices advertised as unlocked or capable of accessing free content", such as IPTV boxes.
To protect yourself from the botnet, the FBI recommends remaining vigilant with all connected devices, especially low-cost solutions. Federal agents advise checking for abnormal behavior, such as high network traffic for no apparent reason. Above all, avoid downloading apps from unofficial sources. Finally, keep all your devices up to date by installing the latest patches. If you have any doubts about a device, disconnect it from your Wi-Fi network.
You are also advised not to invest in an Android device that does not have Play Protect certification, Google's security system for Android devices. This helps reduce the risk of buying a box or TV that is already infected with a virus.
Source: FBI