BADBOX malware hits 30,000 Android devices - make sure you update now

5 days ago 3
Android phone malware
Malware kan ställa till med oreda (Image credit: Shutterstock)

  • BADBOX most likely originates from China
  • The malware can run ad fraud, residential proxies, and more malicious activity
  • The network was recently disrupted by German authorities

German authorities have managed to disrupt a major malware operation that affected thousands of Android devices across the country.

The Federal Office of Information Security (BSI) said BADBOX came preloaded on Android devices with older firmware, which were essentially sold as infected.

Some 30,000 devices across the country were compromised, the agency added, with digital picture frames, media players, and streaming devices being the most common endpoints - however, some smartphones and tablet devices were possibly infected as well.

Outdated Android devices

"What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware," the BSI said in a press release.

The agency outlined how BADBOX was capable of carrying out a number of malicious activities.

Mostly, it was built to silently create new accounts for email and message services, which were later used to spread fake news, misinformation, and propaganda, but BADBOX was also designed to open websites in the background, which would count as ad views - a practice generally perceived as ad fraud.

Furthemore, the malware was able to act as a residential proxy service, lending the traffic to malicious third parties for different illegal activities. Finally, BADBOX can be used as a loader, as well, dropping additional malware on the devices.

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The operation was reportedly first documented by HUMAN’s Satori Threat Intelligence more than a year ago, and that it most likely originates from China. The same threat actors allegedly operate an ad fraud botnet called PEACHPIT, as well, designed to spoof popular Android and iOS apps, and its own traffic from the BADBOX network.

"This complete loop of ad fraud means they were making money from the fake ad impressions on their own fraudulent, spoofed apps," HUMAN said at the time. "Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware."

Via The Hacker News

You might also like

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read Entire Article