OVERKILL
https://dataconomy.com/2024/12/20/badbox-botnet-infects-over-192000-android-devices-worldwide/
Summary:
The BADBOX botnet has now infected over 192,000 Android devices globally, expanding its reach beyond low-cost electronics to include well-known brands like Yandex and Hisense. This malware poses a significant risk as it is pre-installed on devices during manufacturing.
The BADBOX botnet primarily targets Android operating systems and has shown considerable resilience, with the latest telemetry revealing it has affected a wider variety of devices than previously reported. Once activated, infected devices connect to a Command and Control (C2) server, granting attackers access to the local network. The malware can intercept two-factor authentication details and install further malicious software. The infection vector is believed to involve supply chain attacks, where malware is embedded at the firmware level, complicating removal efforts since it resides in a non-writable partition.
While they don't come out and say it, the devices listed come from Russia (Yandex) and China (Hisense), which may point to government involvement. The types of devices range from televisions to smartphones and everything in between, including digital streaming boxes and smart picture frames.