Badbox, an Android malware thought to be based on the Triada family of malware, has apparently infected 1,92,000 devices worldwide despite the German authorities’ recent crackdown on its botnet.
Badbox was first discovered in early 2023 on a T95 Android TV box available on Amazon. A recent report by BitSight researcher Pedro Fale says that it “still seems to be very much alive and spreading.”
The main goal of the Badbox botnet operation is financial gain, which it pursues through ad fraud. The malware also converts the Android device into a “residential proxy” of sorts, which is then rented to users who want to route fraudulent activity through your device.
When cybersecurity experts cracked down on one of the command-and-control servers used by the threat actors behind Badbox, BitSight found more than 1,60,000 unique IP addresses in 24 hours. As it turns out, the number has been growing steadily since then.
Of the roughly 1,60,000 infections, many are Android TVs from known brands like Yandex and HiSense. The cybersecurity firm also said the infected devices are mostly in countries like Russia, China, India, Belarus, Brazil and Ukraine.
Apart from off-brand and some known Android TV brands, the Federal Office of Information Security (BSI) in Germany said Badbox targeted devices with dated firmware, which are often found on devices like digital picture frames, streaming devices and media players.
A Google spokesperson also commented on the matter and said that these devices were missing Play Protect certification.
For those wondering, signs of Badbox infection include overheating, performance-related issues like high CPU usage, changes in device settings and more. Badbox-infected devices are usually tampered with in the supply chain or sold by manufacturers with the ability to install applications with user consent, making it really hard to detect the threat.