BadBox sees rapid growth with 190,000 Android devices infected – Source: securityaffairs.com

Security researchers have recently made a shocking discovery of a massive botnet consisting of 190,000 Android devices infected by the BadBox bot. The botnet includes a variety of devices, with a majority of them being Yandex 4K QLED Smart TVs and Hisense T963 smartphones. These findings have raised concerns about the widespread impact of this malware, particularly in countries like Russia, China, India, Belarus, Brazil, and Ukraine.

Bitsight, the research team that uncovered the BadBox botnet, sinkholed a domain associated with the malware and found over 160,000 unique IPs communicating with it within just 24 hours. This number continues to grow, indicating the scale of the infection. The telemetry gathered from the infected devices revealed that they send data to a command and control (C2) server upon booting up and then wait for further instructions.

One of the most alarming aspects of this discovery is that devices from well-known brands like Yandex and Hisense are among those infected by the BadBox bot. The communication volume between these devices and the C2 server is staggering, with more than 160,000 unique IPs connecting daily. This signifies a concerning trend in the evolution of malware targeting a wide range of internet-connected devices beyond the traditional smartphones and tablets.

In response to this threat, the Federal Office for Information Security (BSI) took action to block communication between 30,000 infected devices in Germany and the C2 server. These devices were all found to be using outdated versions of Android, making them vulnerable to such attacks. By sinkholing the botnet, authorities were able to redirect the traffic from the infected devices to a controlled server, preventing the malware from executing commands and stealing data.

The BadBox bot, once installed on devices, poses multiple risks to users. It can create email and messaging accounts for spreading disinformation, conduct ad fraud by accessing websites in the background, and operate as a residential proxy for criminal activities. Additionally, BadBox has the capability to download additional payloads, further increasing the threats posed to users.

Despite the efforts to neutralize the BadBox botnet, the operation had limited success in curbing its impact due to its global reach. The malware’s presence on devices shipped worldwide through compromised supply chains represents a significant challenge for cybersecurity professionals. The BSI’s call for internet providers to assist in sinkholing operations highlights the need for a coordinated response to such threats.

In conclusion, the BadBox botnet serves as a stark reminder of the evolving tactics used by cybercriminals to exploit vulnerabilities in internet-connected devices. While the current focus may be on devices in specific countries, the widespread nature of this malware should serve as a wake-up call for users worldwide to secure their devices and stay vigilant against emerging threats in the digital landscape.
