Be careful when buying hardware: Devices from no-name manufacturers can be infected with malware, as a report shows once again.
A new investigation by cybersecurity firm Human Security has uncovered a large-scale malware campaign in which countless Android devices are loaded with malware before being delivered to end consumers. According to the security researchers' report, smartphones, tablets and TV boxes from one or more Chinese manufacturers are primarily affected, although unfortunately we don't know for sure. At least 74,000 infected devices are in circulation.
The campaign is called "Badbox". Malicious actors place a backdoor called "Triada" in the device firmware. As soon as one of the infected devices is switched on by a user, it establishes a connection with the attacker's server. This connection allows the attacker to send commands to the device.
Cybercriminals use the backdoor to, among other things, provide proxy services, create fake Gmail and WhatsApp accounts, and install other malware. According to the researchers, a particular focus is on ad fraud: ads are secretly loaded onto devices through hidden web views, and clicks are generated without the user noticing.
In total, experts found more than 200 different Android models that were infected with malware ex works. The low-cost segment is almost exclusively dominated by devices from Chinese manufacturers. The malware is nearly impossible for end users to remove, as it resides in a read-only firmware partition.
That it even got to this point is probably because of the supply chain. At some point between manufacturing and distribution to retailers, the malware is installed and the packaging is sealed. This prepares each device for fraudulent activity without the retailer or buyer noticing. To protect their IT security, consumers should choose models from well-known brands when buying a new Android device, experts recommend. The average user can do virtually nothing against the malware.
This is not the first time in recent memory that we have had to report such findings. TV boxes seem to be a particularly popular target for malware.
It is also certain that even well-known manufacturers are not spared from such incidents. In general, of course, it's always important to weigh the harm caused to users by malware. Even so, probably no one wants to unknowingly assist in fraud.
While the BADBOX disruption is a victory for the cybersecurity community, research needs to further explore the supply chain that allowed the threat to emerge in the first place. For every scam uncovered by HUMAN and others, there are other threat actors ready to fill the void. This is why the economics of cybercrime is so important: increase costs for attackers and reduce costs for defenders. That narrows the window of opportunity for a particular threat actor and makes them less profitable.
Human Security Report