Germany Halts the Spread of BADBOX Malware on Over 30,000 Devices Using Sinkhole Action

445/67 Tuesday, December 17, 2024

Germany’s Federal Office for Information Security (BSI) announced that it has halted the BADBOX malware operation, which was found to have infected over 30,000 internet-connected devices sold within the country. The agency disrupted communication between the infected devices and their command-and-control (C2) servers using a sinkholing technique. Affected devices include digital picture frames, media players, streamers, and potentially smartphones and tablets.

BADBOX was first identified by HUMAN’s Satori Threat Intelligence team in October 2023, which described it as a “complex threat actor scheme.” The malware exploits vulnerabilities in Android devices using the Triada Android malware. Once an infected device is connected to the internet, BADBOX can harvest sensitive information, such as authentication codes, and install additional malware. It is also linked to the PEACHPIT ad botnet, which disguises itself as popular Android and iOS applications to generate fake traffic and sell fraudulent ad space.

According to BSI, devices infected with BADBOX can also serve as proxy servers to mask the origins of cyberattacks and to create accounts on platforms such as Gmail and WhatsApp. To disrupt the attack chain, BSI instructed internet service providers with over 100,000 users in Germany to redirect traffic from infected devices to sinkholes. Users were also advised to immediately disconnect any affected devices from the internet.

Source: https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html