Thousands of cheap Android devices infected with Chinese virus
October 9, 2023
Human Security, a well-known cybersecurity firm, recently discovered a large number of infected devices and the far-reaching consequences of the scheme after the malware was installed.
Details of the story
Human Security researchers found seven Android TV boxes and one tablet infected with malware, according to an exclusive report provided to WIRED. They also found signs of potential infection in more than 200 different models of Android devices installed in homes, offices, and schools across the United States.
The infected devices, often sold unbranded or under different names, are widely available online and in brick-and-mortar stores, often for less than $50. According to the Human Security report, these devices became unwitting tools in an organized cybercrime operation.
What is this virus?
The review, carried out in two separate stages, reveals the extent of the problem. The first stage, known as Badbox, focuses on the compromised Android devices and their role in various fraudulent activities. These activities include ad fraud, proxy services for home users, creating fake Gmail and WhatsApp accounts, and remote code installation.
This is a firmware backdoor based on the Triada malware, which was first discovered by cybersecurity experts in 2016. Once activated, this backdoor communicates with a command and control (C2) server in China, allowing unauthorized access to installed applications on compromised devices.
But that’s not all
The second stage, named Peachpit, was related to app spoofing and was found on both Android TV boxes and mobile devices. Researchers identified 39 apps for Android, iOS and TV boxes involved in this fraudulent activity. These apps used a variety of deceptive practices, including hidden ads, fake web traffic, and malicious ads.
While the people behind Peachpit are not the same people behind Badbox, there are signs that they are collaborating, particularly through the sharing of software development kits (SDKs). These scam apps became so popular that the Android apps alone were downloaded 15 million times.
Companies’ response to the threat
Google and Apple took action in response to the findings of cybersecurity experts.
Google removed 20 Android applications flagged by Human Security from the Play Store. However, it is important to note that the infected Android devices do not have Play Protect certification, meaning they have not been tested by Google.
Apple identified five apps that violated its guidelines and gave developers 14 days to fix the violations.
The threat has not passed
Although the security department has taken steps to stop ad fraud related to Badbox and Peachpit, attackers have demonstrated their ability to adapt by releasing updates and shutting down C2 servers.
As a result, infected Android TV boxes are still found in people’s homes and networks, posing a constant threat.
In light of these findings, experts advise consumers to be careful and choose branded devices from proven manufacturers when purchasing TV streaming boxes.
I’m Sandra Torres, a passionate journalist and content creator. My specialty lies in covering the latest gadgets, trends and tech news for Div Bracket. With over 5 years of experience as a professional writer, I have built up an impressive portfolio of published works that showcase my expertise in this field.