
A new and insidious botnet dubbed BADBOX is infecting hundreds of thousands of Android devices, with the malware often pre-installed before the unsuspecting user even opens the box.
Unlike traditional botnets that rely on users downloading malicious software, BADBOX often comes embedded in the device’s firmware. This means that users are unknowingly purchasing compromised devices, making this threat particularly difficult to detect and avoid.
The scale of the BADBOX botnet is significant. Over 190,000 infected devices have been observed, including popular models like Yandex 4K QLED TVs. This widespread infection points to a potentially large-scale supply chain compromise.
“Researchers from BitSight recently highlighted the huge number of devices communicating with BADBOX servers, suggesting a full-blown supply chain compromise that goes well beyond a typical sideloaded malware incident,” the Censys report states.
Censys researchers used their Internet Intelligence Platform to track down the malicious infrastructure behind BADBOX. They identified a suspicious SSL/TLS certificate common to all BADBOX infrastructure, which led them to uncover five IP addresses and numerous domains, all controlled by the same actor.
This discovery was made possible by searching for the certificate’s unique issuer DN: “c=65 ST=singapore, L=singapore, O=singapre, OU=sall, CN=saee”. This search revealed a single, self-signed certificate used across all BADBOX infrastructure, strongly suggesting a single entity is behind this operation.
Further investigation revealed that all five IP addresses associated with BADBOX share the same SSH host key, indicating a templated environment.
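The two pivots described above (a shared self-signed certificate issuer DN, then a shared SSH host key) are a standard way to expand one indicator into a cluster of operator-controlled hosts. The following is an added example, not Censys's tooling or the article's own code; it reuses only the issuer DN quoted in the report, and every IP address, host-key fingerprint and record below is constructed sample data (192.0.2.0/24 is documentation address space). It shows how to normalize a DN so that ordering and case differences between scanners do not break the match, and how a second pivot on the SSH host key catches a host that the certificate alone would miss.

```python
import re

# Issuer DN quoted in the Censys report (the pivot value). Everything else
# in this example is constructed sample data, not real scan output.
PIVOT_ISSUER_DN = "c=65 ST=singapore, L=singapore, O=singapre, OU=sall, CN=saee"

# Split a DN at ',' or whitespace only when the next token is an attribute
# name followed by '=', so values containing spaces survive intact.
_DN_SPLIT = re.compile(r"[,\s]+(?=[A-Za-z]+=)")


def parse_dn(dn: str) -> dict:
    """Parse an X.509 DN string into {ATTR: value}.

    Tolerates both ',' and whitespace as separators (the report's DN uses
    both) and normalizes case so cosmetic differences between scanners
    do not prevent a match.
    """
    attrs = {}
    for part in _DN_SPLIT.split(dn.strip()):
        key, _, value = part.partition("=")
        if key:
            attrs[key.strip().upper()] = value.strip().strip(",").lower()
    return attrs


def dn_key(dn: str) -> str:
    """Canonical, attribute-order-independent form of a DN for comparison."""
    return ",".join(f"{k}={v}" for k, v in sorted(parse_dn(dn).items()))


# Constructed scan records: one per host, with the TLS certificate issuer
# and the SSH host-key fingerprint the host presented (None if no SSH).
RECORDS = [
    {"ip": "192.0.2.10", "issuer": "c=65 ST=singapore, L=singapore, O=singapre, OU=sall, CN=saee",
     "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-A"},
    {"ip": "192.0.2.11", "issuer": "CN=saee, OU=sall, O=singapre, L=singapore, ST=singapore, C=65",
     "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-A"},
    {"ip": "192.0.2.12", "issuer": "C=65, ST=Singapore, L=Singapore, O=singapre, OU=sall, CN=saee",
     "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-A"},
    {"ip": "192.0.2.13", "issuer": PIVOT_ISSUER_DN, "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-A"},
    {"ip": "192.0.2.14", "issuer": PIVOT_ISSUER_DN, "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-A"},
    # Different certificate but the same SSH host key: found only by the second pivot.
    {"ip": "192.0.2.20", "issuer": "C=US, O=Example CA, CN=Example Issuer",
     "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-A"},
    # Unrelated host: same public CA issuer as .20 but its own host key.
    {"ip": "192.0.2.30", "issuer": "C=US, O=Example CA, CN=Example Issuer",
     "ssh_fp": "SHA256:CONSTRUCTED-HOSTKEY-B"},
    # Host with no SSH exposed at all.
    {"ip": "192.0.2.31", "issuer": "C=GB, O=Other, CN=other", "ssh_fp": None},
]


def pivot_infrastructure(records, issuer_dn):
    """Two-step pivot.

    1. Select hosts whose certificate issuer DN matches issuer_dn.
    2. Expand to every host presenting an SSH host key seen on a step-1 host.
    Returns the hosts found at each step and the host keys that linked them.
    """
    target = dn_key(issuer_dn)
    by_issuer = {r["ip"] for r in records if dn_key(r["issuer"]) == target}
    shared_keys = {r["ssh_fp"] for r in records
                   if r["ip"] in by_issuer and r["ssh_fp"]}
    by_ssh_key = {r["ip"] for r in records if r["ssh_fp"] in shared_keys}
    return {
        "by_issuer": by_issuer,
        "shared_ssh_keys": shared_keys,
        "expanded": by_ssh_key - by_issuer,   # new hosts the cert pivot missed
        "all": by_issuer | by_ssh_key,
    }


if __name__ == "__main__":
    result = pivot_infrastructure(RECORDS, PIVOT_ISSUER_DN)
    for name, value in result.items():
        print(f"{name}: {sorted(value)}")
```

Two caveats when applying this against real scan data: an issuer DN on its own is a weak pivot when the value is a common default (many appliances ship the same self-signed subject), so the match becomes meaningful only when the DN is unusual, as here, and is corroborated by a second independent signal such as host-key reuse; and a shared SSH host key can also come from cloned VM images at a hosting provider, so the expanded set should be treated as candidates to verify rather than confirmed indicators.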
The BADBOX botnet presents a serious threat to the security and privacy of Android users. The fact that the malware is often pre-installed makes it incredibly difficult for users to protect themselves.
Users are advised to be cautious when purchasing devices, especially from lesser-known brands. It is also crucial to keep devices updated and to install security software to help detect and mitigate potential threats.