Malware-Infected Devices Sold Through Major Retailers

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Human Security has exposed a significant monetization method employed by a sophisticated cyber-criminal operation. This operation involved the sale of backdoored off-brand mobile and CTV (Connected TV) Android devices through major retailers, which had originated from repackaging factories in China.

The scheme, known as BADBOX, deploys the Triada malware as a “backdoor” on various devices such as CTV boxes, smartphones and tablets during the supply chain process in China. 

Human’s Satori Threat Intelligence and Research Team observed more than 74,000 Android-based mobile phones, tablets, and CTV boxes showing signs of infection.

These infected devices can steal personally identifiable information (PII), create fake messaging and email accounts and execute various fraudulent activities. Even after a factory reset, BADBOX-infected devices remain compromised, as the malware connects to a command-and-control (C2) server on first boot.

BADBOX’s ability to infiltrate devices sold by trusted e-commerce platforms and retailers makes it particularly dangerous. 

“This backdoor operation is deceptive and dangerous because it is nearly impossible for users to tell if their devices are compromised,” commented Human Security’s chief information security officer, Gavin Reid.

“Of the devices Human acquired from online retailers, 80% were infected with BADBOX, which demonstrates how broadly they were circulating on the market.”

Read more on the Triada malware: Malicious WhatsApp Mod Spotted Infecting Android Devices

Additionally, in November 2022, Human’s Satori Threat Intelligence and Research Team uncovered an “ad fraud module” within BADBOX, hidden ads and fake clicks defrauding advertisers. They also identified a group of Android, iOS and CTV apps, known as PEACHPIT, that conducted similar ad fraud independently of BADBOX.

“The cyber-criminals behind PEACHPIT utilized methods such as hidden advertisements, spoofed web traffic, and malvertising to monetize their scheme and defraud the advertising industry,” said Marion Habiby, data scientist at Human.

Human Security worked with tech giants Google and Apple to disrupt the PEACHPIT operation, sharing information with law enforcement. This collaboration aimed to raise the cost for cybercriminals and protect the advertising industry from fraudulent schemes.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

New ‘LLMjacking’ Attack Exploits Stolen Cloud Credentials
RSA Conference 2024: AI hype overload
How to talk about climate change – and what motivates people to action: An interview with Katharine Hayhoe
MDR: Unlocking the power of enterprise-grade security for businesses of all sizes
It’s a wrap! RSA Conference 2024 highlights – Week in security with Tony Anscombe

Leave a Reply

Your email address will not be published. Required fields are marked *