- Security researchers at HUMAN and partners disrupt the Badbox 2.0 botnet
- They removed dozens of malicious apps from the Play Store and sinkholed several domains
- The botnet targeted cheap, off-brand Android devices
Badbox 2.0, the spiritual successor of the Badbox Android malware, has been disrupted by cybersecurity experts from HUMAN's Satori Threat Intelligence team together with several partners, who removed dozens of malicious apps from the Play Store, banned their developers and sinkholed command-and-control communications for hundreds of thousands of infected devices.
“The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. All of these devices are manufactured in mainland China and shipped globally,” the researchers explained.
In total, 24 malicious apps distributing Badbox 2.0 were removed from the Play Store, and the developer accounts that uploaded them were banned from the platform. HUMAN also sinkholed an undisclosed number of domains, which effectively cuts off communication between the malware and its C2 servers; in other words, the devices remain infected, but the malware is no longer operational.
Sinkholing the domains
Badbox is a piece of malware that turns infected Android devices into residential proxies. These are used in ad fraud, credential stuffing and other forms of cybercrime. Badbox has reportedly infected hundreds of thousands of devices, from TV streaming boxes to smart TVs and smartphones. No one knows exactly how these devices ended up infected: some believe they were compromised early in production, while others claim Badbox was planted somewhere along the supply chain. In any case, these are overwhelmingly low-cost, “off-brand” or uncertified devices.
German authorities recently disrupted the operation within the country's borders, but this only sidelined it slightly. In the weeks following that takedown, Badbox grew to more than a million infected devices (although mostly located outside Germany, in countries such as Brazil, the USA and Mexico).
Given its size and resilience, security researchers from HUMAN dubbed the new incarnation “Badbox 2.0”. Now, together with Google, Trend Micro, the Shadowserver Foundation and other partners, HUMAN is disrupting the new operation in several ways.
As usual, the best defense against these attacks is to buy hardware and software from reputable sources, keep assets up to date and monitor for malicious activity.
Via BleepingComputer