Satori Threat Research Team has discovered a new fraud campaign called BADBOX 2.0, affecting over 1 million unlicensed Android devices such as tablets, TV boxes, and digital projectors.
Backdoor appears on Android devices
The BADBOX 2.0 campaign involves infecting devices with malware that allows hackers to gain remote access. These devices are part of the Android Open Source Project (AOSP), meaning they are not Play Protect certified like Pixel or Galaxy phones, thus lacking a key layer of security that makes them attractive targets for threat actors.
According to the research team, BADBOX 2.0 is controlled through a backdoor that allows the attacker to maintain persistent access to the device. One of the distribution channels for this backdoor is through a pre-installed app that activates when the device is powered on. Another channel is unofficial app stores that users download.
Many ways to hack into Android devices
Notably, a device can be infected with malware right out of the box. In some cases, an infected device will automatically contact a command and control (C2) server and download a malicious file when it first boots up. This can leave the user unaware until it is too late.
Even if users are lucky enough to purchase an uninfected device, the risk still lurks online. The researchers said apps containing the BB2DOOR backdoor have been found on unofficial app stores and are still capable of infecting people after being installed.
BADBOX 2.0 traffic has been observed in 222 countries and territories worldwide, with more than a third of the infected devices located in Brazil, where third-party AOSP devices are prevalent. The Satori team concluded that while they were able to identify the threat actor groups behind the activity, disrupting the threat remains difficult because the supply chain of compromised devices remains intact.
Source: https://thanhnien.vn/hon-1-trieu-thiet-bi-android-dang-gap-nguy-hiem-185250308104458343.htm
Comment (0)