BadBox Malware Botnet Infects 192,000 Android Devices Despite Shutdown Efforts

By Admin | 2024-12-21 | Malware Attack

The BadBox malware botnet has surged to infect over 192,000 Android devices globally, including well-known brands like Yandex TVs and Hisense smartphones. This comes despite recent disruption efforts, such as a sinkhole operation by Germany’s Federal Office for Information Security (BSI) targeting the botnet’s command and control servers.


The Evolution of BadBox Malware

BadBox, linked to the Triada malware family, initially targeted no-name Chinese Android devices via supply chain attacks or malicious firmware injections. Its primary goal is financial exploitation, using infected devices for ad fraud, turning them into residential proxies, or deploying additional malicious payloads.

Originally identified on a T95 Android TV box purchased online, the malware has since expanded to trusted brands, marking a significant evolution in its operations.


Germany’s Disruption Effort

Last week, the BSI sinkholed a command and control server linked to BadBox, disrupting communications for around 30,000 infected devices in Germany. These primarily included Android-based digital picture frames and streaming boxes. However, the malware persists, with reports of its presence in broader product categories.


Continued Growth Despite Countermeasures

A new report by BitSight confirms that the botnet is actively growing. Researchers sinkholed another BadBox domain, observing over 160,000 unique IP connections within 24 hours, indicating significant expansion. Approximately 160,000 infected devices are Yandex 4K QLED Smart TVs, popular in Russia, with others being Hisense T963 smartphones.

BadBox's reach spans countries like Russia, China, India, Belarus, Brazil, and Ukraine, highlighting the global scale of this cyber threat.


Protecting Against BadBox

To mitigate risks:

* Apply the latest firmware and security updates.

* Isolate smart devices from critical systems.

* Disconnect devices from the internet when not in use.

* For devices without updates, consider removing them from your network or powering them off.


Signs of infection include overheating, performance lags, unusual network activity, and altered device settings.
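"Unusual network activity" is the one sign on this list that can be checked from the network rather than from the device itself. The script below is an added example, not code from the article or from BitSight or the BSI: it reads DNS resolver log lines in an assumed format (`<date> <time> <client_ip> <queried_name>`), compares each smart device against a per-device baseline of domains it is expected to contact, and flags devices that talk to many unknown names, that are active during quiet hours when nobody is using them, or that burst far above their normal query rate. Every IP address, domain name and log line in it is constructed for the demonstration; none is a real BadBox indicator.

```python
"""Flag smart devices whose DNS behaviour departs from a per-device baseline.

Added example, not from the article. Assumes a router or resolver that logs
one query per line as "<YYYY-MM-DD> <HH:MM:SS> <client_ip> <qname>".
All addresses, domains and log lines below are constructed sample data.
"""
from collections import defaultdict
from datetime import datetime

# Constructed baseline: the domains each device is expected to contact
# (vendor update and time servers). Unknown devices get an empty baseline,
# so everything they query counts as unknown.
BASELINE = {
    "192.168.50.10": {"updates.example-tv-vendor.test", "time.example.test"},
    "192.168.50.11": {"cloud.example-frame.test", "time.example.test"},
}

# Constructed log: a TV (.10) behaving normally, and a picture frame (.11)
# that wakes at 03:00, contacts a string of never-seen domains, and then
# fires 60 more queries within the hour.
SAMPLE_LOG_LINES = [
    "2024-12-20 09:11:03 192.168.50.10 updates.example-tv-vendor.test",
    "2024-12-20 09:11:04 192.168.50.10 time.example.test",
    "2024-12-20 09:12:00 192.168.50.11 cloud.example-frame.test",
    "2024-12-20 03:00:01 192.168.50.11 a1b2c3.constructed-c2.test",
    "2024-12-20 03:00:02 192.168.50.11 d4e5f6.constructed-c2.test",
    "2024-12-20 03:00:03 192.168.50.11 g7h8i9.constructed-c2.test",
    "2024-12-20 03:00:04 192.168.50.11 j0k1l2.constructed-c2.test",
    "2024-12-20 03:00:05 192.168.50.11 proxy-exit.constructed-proxy.test",
    "malformed line that should be skipped",
]
SAMPLE_LOG_LINES += [
    f"2024-12-20 03:{i:02d}:30 192.168.50.11 s{i}.constructed-proxy.test"
    for i in range(60)
]


def parse_line(line):
    """Return (timestamp, client_ip, qname) or None for lines that do not fit."""
    parts = line.split()
    if len(parts) != 4:
        return None
    try:
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return None
    return ts, parts[2], parts[3].lower().rstrip(".")


def analyse(lines, baseline, max_new_domains=3, quiet_hours=(0, 6),
            max_queries_per_hour=50):
    """Return {device_ip: findings} for devices that trip at least one rule.

    Rules: more than max_new_domains distinct non-baseline names; any
    non-baseline query inside quiet_hours (local hour range, end exclusive);
    more than max_queries_per_hour queries in a single clock hour.
    """
    unknown = defaultdict(set)                       # device -> unknown qnames
    quiet = defaultdict(int)                         # device -> quiet-hour count
    per_hour = defaultdict(lambda: defaultdict(int))  # device -> hour -> count

    for rec in (parse_line(line) for line in lines):
        if rec is None:
            continue
        ts, client, qname = rec
        per_hour[client][ts.strftime("%Y-%m-%d %H")] += 1
        if qname not in baseline.get(client, set()):
            unknown[client].add(qname)
            if quiet_hours[0] <= ts.hour < quiet_hours[1]:
                quiet[client] += 1

    findings = {}
    for dev in sorted(set(baseline) | set(per_hour)):
        f = {}
        if len(unknown[dev]) > max_new_domains:
            f["unknown_domains"] = len(unknown[dev])
        if quiet[dev] > 0:
            f["quiet_hour_queries"] = quiet[dev]
        if per_hour[dev]:
            hour, n = max(per_hour[dev].items(), key=lambda kv: kv[1])
            if n > max_queries_per_hour:
                f["burst"] = (hour, n)
        if f:
            findings[dev] = f
    return findings


if __name__ == "__main__":
    for dev, f in analyse(SAMPLE_LOG_LINES, BASELINE).items():
        print(dev, f)
```

On the constructed log the TV produces no finding while the frame trips all three rules, which is the pattern worth following up with the firmware update or network removal steps listed above. The baseline is the part that needs real data: collect a week of queries from a freshly updated device before trusting it, and keep the quiet-hour window matched to when the device is genuinely idle.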


The BadBox malware operation underscores the critical need for proactive security measures in smart devices. Users must remain vigilant, routinely update firmware, and monitor device activity to minimize exposure to growing botnet threats.