BADBOX Botnet Targets 192,000 Android Devices, Hits Yandex TVs and Hisense Phones Worldwide

December 21, 2024
  • Researchers at Bitsight have identified a botnet named BADBOX that has infected over 192,000 Android devices, primarily targeting Yandex Smart TVs and Hisense smartphones.

  • The majority of these infections involve approximately 160,000 Yandex 4K QLED Smart TVs, which are particularly popular in Russia, along with Hisense T963 smartphones.

  • Bitsight has observed more than 100,000 unique IP addresses belonging to Yandex 4K QLED smart TVs communicating with a BADBOX command and control (C&C) server, indicating a significant rise in infections among high-end devices.

  • The BADBOX malware is believed to be based on the Triada malware family and is typically introduced through supply chain attacks or employee misconduct.

  • In response to the growing threat, the Federal Office for Information Security (BSI) in Germany implemented a sinkholing operation, redirecting infected device traffic to a controlled server to mitigate data theft and command execution.

  • Despite these efforts, the overall impact on the BADBOX operation has been limited, underscoring the challenges of effectively combating global cyber threats.

  • The malware has also been detected on public school networks across the United States, raising alarms about its widespread implications.

  • Signs of infection include device overheating, performance drops, unusual network traffic, and altered device settings, which can indicate compromised devices.

  • The primary goal of the BADBOX campaign is financial gain, achieved by turning infected devices into residential proxies for cybercriminals or by using them for ad fraud.

  • Despite the recent disruption attempt in Germany, the BADBOX Android botnet continues to grow, with Bitsight researchers logging more than 192,000 infected devices globally.

  • Infected devices are primarily located in regions such as Russia, China, India, Belarus, Brazil, and Ukraine, highlighting the global reach of the botnet.

  • Bitsight suggests that the infections could stem from compromised supply chains or manufacturer negligence at various stages, from development through to sales.
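The summary lists "unusual network traffic" as a sign of infection and describes the BSI redirecting infected devices to a sinkhole. The script below is an added example, not code from Bitsight, the BSI, or the sources summarised above: it reads constructed flow records (timestamp, source IP, destination host, bytes), flags any device that contacts a watchlisted host, and separately flags source/destination pairs whose connection intervals are regular enough to look like C&C beaconing. The flow format, the host names (`sinkhole.example`, `cdn.example`), the IP addresses and the thresholds are all invented for illustration; real BADBOX indicators are not on this page and must come from a vendor or CERT advisory.

```python
"""Added example: spot watchlist contacts and beacon-like regularity in flow logs.

All data here is constructed for illustration; nothing is a real indicator.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed flow log: "<epoch seconds> <src_ip> <dst_host> <bytes>".
# 10.0.0.21 checks in every 300 s with near-constant size (beacon-like);
# 10.0.0.33 browses a CDN irregularly and touches the watchlisted host once.
SAMPLE_FLOWS = """\
1734768000 10.0.0.21 sinkhole.example 412
1734768300 10.0.0.21 sinkhole.example 418
1734768600 10.0.0.21 sinkhole.example 409
1734768900 10.0.0.21 sinkhole.example 415
1734769200 10.0.0.21 sinkhole.example 411
1734768012 10.0.0.33 cdn.example 10233
1734768450 10.0.0.33 cdn.example 55111
1734769033 10.0.0.33 cdn.example 2021
1734769101 10.0.0.33 sinkhole.example 400
"""

# Hypothetical watchlist of hosts that a defender would populate from an
# advisory (sinkholed or known C&C domains). Placeholder value only.
WATCHLIST = {"sinkhole.example"}


def parse_flows(text):
    """Parse the constructed flow format into (ts, src, dst, nbytes) tuples."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, nbytes = line.split()
        flows.append((int(ts), src, dst, int(nbytes)))
    return flows


def watchlist_hits(flows, watchlist=WATCHLIST):
    """Return the sorted set of source IPs that contacted any watchlisted host."""
    return sorted({src for _, src, dst, _ in flows if dst in watchlist})


def find_beacons(flows, min_connections=4, max_cv=0.15):
    """Flag (src, dst) pairs whose inter-connection intervals are very regular.

    The coefficient of variation (stddev / mean) of the intervals is used as
    the regularity measure: human-driven traffic is bursty (high CV), while a
    scheduled check-in produces a CV near zero. Thresholds are illustrative.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in flows:
        by_pair[(src, dst)].append(ts)

    findings = []
    for (src, dst), stamps in by_pair.items():
        if len(stamps) < min_connections:
            continue  # too few samples to judge periodicity
        stamps.sort()
        intervals = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(intervals)
        cv = pstdev(intervals) / avg if avg else 0.0
        if cv <= max_cv:
            findings.append({
                "src": src,
                "dst": dst,
                "connections": len(stamps),
                "interval_s": round(avg),
                "cv": round(cv, 3),
            })
    return findings


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    print("watchlist contacts:", watchlist_hits(flows))
    for f in find_beacons(flows):
        print("beacon-like:", f)
```

A single contact with a watchlisted host (10.0.0.33 here) is worth a look but is not proof of infection; the periodicity check adds a second, indicator-free signal, which matters because a botnet operator can rotate domains faster than advisories are published.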

Summary based on 3 sources

