Raspberry Pi Transformed by Hackers into an Online Anonymity Tool

Recently, a new tool named GEOBOX surfaced on the Dark Web, leveraging Raspberry Pi devices for fraudulent activities and anonymity purposes. This tool enables users to spoof GPS locations, emulate network settings, mimic Wi-Fi access points, and bypass anti-fraud filters.

In online banking theft investigations, criminals have been observed using multiple GEOBOX devices as proxies to enhance their anonymity. Attackers are expected to make increasing use of custom-made or modified devices in the future, posing challenges for law enforcement agencies.

GEOBOX is being advertised on underground forums and Telegram for a fee of $700 for a lifetime subscription or $80 monthly, payable in cryptocurrency. The tool turns a Raspberry Pi into a device for anonymity and fraud, and comes with a user manual containing clear setup instructions.

The manual provides guidance on selecting an SD card for optimal performance, downloading Raspberry Pi OS from the official website, and obtaining the GEOBOX software image. After installing the OS, users are instructed on how to activate the device, connect to the Internet, and configure GEOBOX functions.

Key Features of GEOBOX:

  • A software suite designed for network configuration on Raspberry Pi.
  • Supports managing multiple VPN connections with protocols like OpenVPN, L2TP, and WireGuard.
  • Users can create and switch between VPN profiles for customized network routing.
  • Supports creating cascaded VPN tunnels for enhanced anonymity.
  • Allows configuration of proxy servers to manipulate DNS, GPS, and Wi-Fi MAC address information.
  • Provides a GPS emulator for devices lacking a GPS receiver.
  • Enables users to manage Wi-Fi network settings and DNS servers.
  • Offers a Mimic Tab for monitoring data manipulation and a Log Tab for system diagnostics.

Technical Insights:

GEOBOX utilizes WebRTC IP, GPS spoofing, and MAC address masking to anonymize online activity and manipulate geolocation. It offers a variety of functionalities through a web interface, including proxy server configuration, VPN connectivity, and altering Wi-Fi network parameters.

However, GEOBOX also presents significant cybersecurity challenges as it can be exploited for various cybercrimes such as cyber-attacks, dark web market operations, and financial fraud.

Security firm Resecurity discovered cybercriminals using GEOBOX with multiple LTE modems and proxy servers to anonymize connections, which makes tracing difficult, especially when access is remote. The criminals keep sessions short to eliminate evidence, which hinders investigations, and the easy availability of GEOBOX raises concerns about its potential for widespread use.

The evolving threat landscape underscores the urgent need for advanced security solutions and global cooperation to combat increasingly sophisticated cybercrime.