1. Forum
  2. FidoNET
  3. CONSPRCY

  • BadBox malware hit after

    From Mike Powell@1:2320/105 to All on Thursday, March 06, 2025 09:06:00
    BadBox malware hit after infecting over 500,000 Android devices

    Date:
    Thu, 06 Mar 2025 12:27:00 +0000

    Description:
    An undisclosed number of domains were sinkholed in strike against BadBox malware.

    FULL STORY

    BadBox 2.0, the spiritual successor of the BadBox Android malware , has been disrupted after cybersecurity experts from the HUMAN's Satori Threat Intelligence team, together with multiple partners, removed dozens of
    malicious apps from the Play Store, banned their developers, and sinkholed communications for hundreds of thousands of infected devices.

    The infected devices are Android Open Source Project devices, not Android TV
    OS devices or Play Protect certified Android devices. All of these devices
    are manufactured in mainland China and shipped globally, the researchers explained.

    In total, 24 malicious apps on the Play Store distributing BadBox 2.0 were removed, and the developer accounts that uploaded these apps were banned from the platform. HUMAN then also sinkholed an undisclosed number of domains, effectively cutting off communications between the malware and the C2 servers
    - so in other words, the devices are still infected, but the malware is non-operational.

    Sinkholing the domains

    BadBox is a piece of malware that turns infected Android devices into residential proxies. They are used in ad fraud, credential stuffing, and
    other forms of cybercrime. Apparently, BadBox infected hundreds of thousands
    of devices, from TV streaming boxes, to smart TVs, and smartphones. No one knows exactly how these devices ended up being infected. Some believe they
    were compromised in early production, while others claim BadBox was dropped somewhere along the supply chain. In any case, these are overwhelmingly low-price-point, off-brand, or uncertified devices.

    German authorities recently disrupted the operation within its borders, but that only sidetracked it a little. In the weeks following the operation,
    BadBox grew to more than a million infected devices (although they were
    mostly located outside Germany, in countries such as Brazil, the US, and Mexico).

    Given its size and resilience, security researchers from HUMAN dubbed it
    BadBox 2.0. Now, together with Google, Trend Micro, The Shadowserver Foundation, and other partners, HUMAN disrupted the new operation in multiple ways.

    As usual, the best way to defend against these attacks is to buy hardware and software from reputable sources, keep the assets updated, and monitor for malicious activity.

    Via BleepingComputer

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/badbox-malware-hit-after-infecting-over -500-000-android-devices

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)