FlagThis

The BADBOX botnet has infected over 190,000 Android devices, including high-end products like Yandex 4K QLED TVs. This botnet's widespread infection is attributed to supply chain vulnerabilities, potentially involving pre-installed malware embedded during the manufacturing or distribution phases. This discovery highlights the significant security risks associated with compromises in the supply chain of Android devices.

A recent investigation revealed over 160,000 unique IP addresses communicating with BADBOX command-and-control servers daily. These infections are concentrated in countries like Russia, China, India, Brazil, Belarus, and Ukraine. The BADBOX malware is believed to originate from the Triada family of Android malware, known for its stealth. Once activated, infected devices are transformed into residential proxies, enabling cybercriminals to route internet traffic through them for illegal activities and ad fraud.

ImgSrc: securityonline.

References :

• Cyber Security News: CyberPress article about the BADBOX botnet infection of Android devices, including LED TVs.
• gbhackers.com: GBHackers article reporting on the BADBOX botnet.
• securityonline.info: Security Online article on the BADBOX botnet infecting Android devices with pre-installed malware.
• cyberpress.org: Cyberpress.org article on BADBOX botnet and the affected devices.
• securityonline.info: SecurityOnline article about BADBOX botnet and pre-installed malware targeting Android devices.
• gbhackers.com: The BADBOX botnet, a sophisticated malware operation targeting Android-based devices, has now infected over 192,000 systems globally.

Classification:

• HashTags: #BADBOX #Botnet #Android
• Target: Android Devices
• Product: Android
• Feature: Pre-installed Malware
• Malware: BADBOX
• Type: Malware
• Severity: Major