Badbox Operation Targets Android Devices in Fraud Schemes

October 10, 2023 at 04:40PM

Human Security has revealed the details of a large-scale fraud scheme called “Badbox,” which involves Android TV streaming devices shipped with malware preinstalled. A consultant, Daniel Milisic, has provided a script and instructions to help users mitigate the threat. Around 74,000 Android devices globally are potentially impacted by the Badbox infection, with 200 different models at risk. Human Security recommends avoiding off-brand devices and clone apps to prevent infection. However, the report warns that further investigation into the supply chain is necessary, as other threat actors may emerge.

Key Takeaways from Meeting Notes:

1. A researcher discovered that the T95 Android TV streaming box was infected with preloaded malware.
2. Human Security released information about the extent of infected devices and the interconnected fraud schemes associated with them.
3. Daniel Milisic created a script and instructions to help users mitigate the threat.
4. The operation, known as “Badbox,” involves a global network of consumer products with firmware backdoors installed and sold through the hardware supply chain.
5. The infected devices connect to a command-and-control server for further instructions.
6. The Badbox operation integrates the Peachpit botnet, which engages in ad fraud, residential proxy services, fake email/messaging accounts, and unauthorized remote code installation.
7. Approximately 200 different models of Android devices are potentially affected, with at least 74,000 Android devices globally impacted by the Badbox infection.
8. Eight types of devices, including seven Android TV boxes (T95, T95Z, T95MAX, X88, Q9, X12PLUS, MXQ Pro 5G) and one Android tablet (J5-W), have backdoors installed.
9. The devices are manufactured in China, and the firmware backdoors are implemented somewhere in the supply chain.
10. Human Security advises users to avoid off-brand devices and be cautious of clone apps that could potentially infect their device.
11. Research must continue into the supply chain to prevent similar threats from developing in the future.