Germany Sinkholes Botnet of 30,000 BadBox-Infected Devices

December 13, 2024 at 06:26AM

Germany’s Federal Office for Information Security reported that over 30,000 media devices sold with pre-installed BadBox malware became part of a botnet. The agency has disrupted communication between infected devices and their command servers, advising users to disconnect and scan devices, while working with internet providers to address the issue.

### Meeting Takeaways:

1. **Malware Discovery**: Over 30,000 media devices sold in Germany were found to be pre-installed with BadBox malware, compromising user security.

2. **Device Types Affected**: The infected devices include photo frames and streaming devices running outdated Android versions.

3. **BSI Actions**: Germany’s Federal Office for Information Security (BSI) has implemented a sinkhole strategy to disrupt communications between infected devices (BadBox bots) and their command-and-control servers, working with major internet providers to manage traffic redirection.

4. **Consumer Advisory**:
– Disconnect affected devices from the internet.
– Conduct scans for any signs of infection.
– Verify manufacturer reliability and check security settings before purchasing devices.

5. **Background on BadBox**:
– Initially identified in October of the previous year, it was linked to infections in over 70,000 Android devices from a particular Chinese manufacturer, which included other forms of malware such as Triada.
– BadBox has been involved in ad-fraud schemes, utilizing both Android and iOS devices and allowing for the creation of messaging accounts and remote installations.

6. **Persistence of the Malware**: BadBox is installed at the firmware level and cannot be removed by users, highlighting significant security concerns regarding low-cost devices and supply chain integrity.

7. **Related Security Threats**: The report also mentions other threats, such as the ‘DroidBot’ Trojan and the DrainerBot SDK, placing BadBox in a broader pattern of malware targeting Android devices.
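The sinkhole strategy in point 3 works by answering DNS queries for known command-and-control domains with an address the defender controls, so infected devices never reach their operators, and every query that lands on the sinkhole identifies an infected client. The following Python is an added illustration of that mechanism written for this page; it is not BSI's code, and the domains, addresses and query lines in it are constructed placeholders rather than real BadBox infrastructure.

```python
"""Sinkhole-style DNS handling as a defender-side illustration (added example).

Queries for sinkholed zones (and any subdomain of them) get a defender-controlled
address instead of the real server; the querying client is recorded so the
operator of the resolver can enumerate infected devices and notify their owners.
"""
from collections import defaultdict
import ipaddress

# Constructed placeholder C2 domains (assumption: not taken from the article).
SINKHOLED_DOMAINS = {
    "c2-placeholder-a.example",
    "c2-placeholder-b.example",
}
SINKHOLE_IP = "192.0.2.53"   # constructed sinkhole address from the TEST-NET-1 range
UPSTREAM = "forward-upstream"  # marker meaning "resolve normally via the upstream resolver"


def _matches_sinkhole(qname: str) -> bool:
    """True if qname, or any parent domain of it, is a sinkholed zone."""
    labels = qname.rstrip(".").lower().split(".")
    # Walk from the full name up to the top-level label so that
    # update.c2-placeholder-b.example also matches c2-placeholder-b.example.
    return any(".".join(labels[i:]) in SINKHOLED_DOMAINS for i in range(len(labels)))


class Sinkhole:
    """Minimal resolver front-end that sinkholes C2 names and logs who asked."""

    def __init__(self) -> None:
        # client IP -> list of sinkholed names it queried (evidence for notification)
        self.hits: dict[str, list[str]] = defaultdict(list)

    def resolve(self, client_ip: str, qname: str) -> str:
        """Return the sinkhole address for C2 names, otherwise the upstream marker."""
        ipaddress.ip_address(client_ip)  # reject malformed client addresses early
        if _matches_sinkhole(qname):
            self.hits[client_ip].append(qname.rstrip(".").lower())
            return SINKHOLE_IP
        return UPSTREAM

    def infected_clients(self) -> list[str]:
        """Clients that queried at least one sinkholed name, sorted for reporting."""
        return sorted(self.hits)


# Constructed query log, one "client_ip qname" pair per line.
SAMPLE_QUERIES = """\
10.0.0.12 c2-placeholder-a.example.
10.0.0.12 update.c2-placeholder-b.example.
10.0.0.7 www.example.com.
10.0.0.31 c2-placeholder-b.example
"""


def replay(log_text: str) -> Sinkhole:
    """Feed a query log through the sinkhole and return it with its hit table filled."""
    sinkhole = Sinkhole()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        client, qname = line.split()
        sinkhole.resolve(client, qname)
    return sinkhole


if __name__ == "__main__":
    result = replay(SAMPLE_QUERIES)
    for client in result.infected_clients():
        print(client, "->", ", ".join(result.hits[client]))
```

Replaying the constructed log flags 10.0.0.12 and 10.0.0.31 as clients that tried to reach a sinkholed zone, while the query for www.example.com is forwarded untouched; in a real deployment the hit table is what an ISP would use to notify affected customers, which is the "traffic redirection" cooperation point 3 describes.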

### Recommendations:
– Keep devices updated and research manufacturers before purchase.
– Report any suspicious activity to authorities.
