Thousands of Android TV boxes infected with malware



If you purchased a T95 Android TV box (or a similar model), there is a good chance that malware came pre-installed on your device. And not just any malware! We are talking about two different Trojans here, Badbox and Peachpit, two rather devastating pieces of malicious code.

More than 74,000 Android devices affected

Regarding Badbox, you just need to see the extent of its spread: it has already affected more than 74,000 Android devices around the world. In reality, this is not ordinary malware. Rather, it is a chain of fairly complex and interconnected frauds.

Essentially, Badbox is a set of firmware backdoors installed through the usual hardware supply chain. These devices are distributed to homes and, once started and connected to a network, they immediately connect to a command and control server where they receive their instructions.

Badbox uses fraudulent ads, residential proxy services, and fake email accounts to install malicious code. Peachpit is the ad fraud component of Badbox. It can quickly deliver malicious advertisements for products which, once installed, will infect your devices.

Over 200 different models affected

This type of attack has been around for years, but it has become increasingly sophisticated. This time, the cybercriminal operation (named Badbox by Human Security) turned out to be very complex and global in scope.

To make matters worse, Human Security discovered that Badbox goes beyond T95 devices to include seven different set-top boxes (T95, T95Z, T95MAX, X88, Q9, X12PLUS and MXQ Pro 5G) as well as an Android tablet (the J5-W). These T95 boxes (and their knockoffs) are inexpensive – less than $50 – and so may be an attractive option for many users. The boxes are often unbranded or sold under different names (a rampant phenomenon found at many online retailers).

Last January, the first case of purchasing a set-top box with this malware pre-installed was reported. According to the report, the device (called the AllWinner T616 processor) used an Android 10 ROM, and once operational, it attempted to connect to IP addresses associated with active malware.

With Badbox, over 200 different models of Android devices could be affected.

What to do to protect yourself?

The solution is simple: don’t buy unbranded set-top boxes or devices that copy other devices. It seems simple, but above all it is effective.

When shopping online, you will find an endless number of cheap devices. But don’t forget, before purchasing, to check the brand name. For example, suppose you come across a device whose brand is “AllWinner”. Do a search: if you cannot find any information about the company or brand “AllWinner”, avoid purchasing the device. If you find information from a reputable source that indicates the brand is both legitimate and trustworthy, you may want to consider this purchase.

Another preventive measure, which should apply in general to your internet browsing: do not click on advertisements. Especially if they contain typos, unfamiliar brand names, or offers that seem too good to be true.

The good news is that Google has confirmed that the malicious apps have been removed from the Google Play Store. This doesn’t mean that the Badbox threat is no longer present, however. But if you avoid buying junk or cheap devices and only install essential apps on your phones and tablets, you should be able to avoid these kinds of problems.

Source: ZDNet.com


