Thousands of Android TV boxes infected with malware
If you have purchased a T95 Android TV box (or a similar model), there is a good chance that malware came preinstalled on your device. And not just any malware: we are talking about two different Trojans, Badbox and Peachpit, two rather devastating pieces of code.
More than 74,000 Android devices affected
As for Badbox, just look at the extent of its spread: it has already affected more than 74,000 Android devices worldwide. In reality, this is no ordinary malware. Rather, it is a chain of fairly complex, interconnected fraud schemes.
For the most part, Badbox is a set of firmware backdoors installed through the usual hardware supply chain. The devices end up in homes and, once powered on and connected to a network, they immediately contact a command-and-control server, from which they receive their instructions.
Badbox uses fraudulent advertisements, residential proxy services and fake e-mail accounts to install malicious code. Peachpit is the ad fraud component of Badbox. It can quickly spread malicious advertisements for products that, once installed, will infect your devices.
More than 200 different models affected
This type of attack has been around for years, but it has become more and more sophisticated. This time, the cybercriminal operation (named Badbox by Human Security) turned out to be very complex and global in scope.
To make matters worse, Human Security has discovered that Badbox goes beyond the T95 devices to include seven different set-top boxes (T95, T95Z, T95MAX, X88, Q9, X12PLUS and MXQ Pro 5G) as well as an Android tablet (the J5-W). These T95 boxes (and their imitations) are inexpensive, at less than 50 dollars, and can therefore be an attractive option for many users. The boxes are often unbranded or sold under different names (a widespread phenomenon among many online retailers).
Last January, the first case of a set-top box bought with this malicious software preinstalled was reported. According to the report, the device (described as an AllWinner T616 processor) was running an Android 10 ROM and, once operational, it tried to connect to IP addresses associated with active malware.
With Badbox, more than 200 different models of Android devices could be affected.
What to do to protect yourself from it?
The solution is simple: do not buy set-top boxes or unbranded devices that copy other devices. It seems simple, but above all it is effective.
While shopping online, you will find an endless number of inexpensive devices. But do not forget to check the brand name before making the purchase. For example, suppose you come across a device whose brand is “AllWinner”. Do a search: if you cannot find any information about the company or the brand “AllWinner”, avoid buying the device. If you find information from a reliable source indicating that the brand is both legitimate and trustworthy, you can consider the purchase.
Another preventive measure, which should apply to your internet browsing in general: do not click on advertisements, especially if they contain mistakes, unknown brand names or offers that seem too good to be true.
The good news is that Google has confirmed that the malicious apps have been removed from the Google Play Store. However, this does not mean that the Badbox vulnerability is no longer present. But if you avoid buying unbranded or cheap devices and install only essential applications on your phones and tablets, you should be able to avoid these kinds of problems.
Source: ZDNet.com