Saturday, February 8, 2025
HomeAndroidBADBOX Botnet Surges: Over 190,000 Android Devices Infected, Including LED TVs

BADBOX Botnet Surges: Over 190,000 Android Devices Infected, Including LED TVs

Published on

SIEM as a Service

Follow Us on Google News

The BADBOX botnet, a sophisticated malware operation targeting Android-based devices, has now infected over 192,000 systems globally.

Originally confined to low-cost and off-brand devices, the malware has expanded its reach to include well-known brands such as Yandex 4K QLED TVs and Hisense smartphones.

This alarming development highlights the growing risks of supply chain vulnerabilities in consumer electronics.

BADBOX malware is embedded directly into the firmware of affected devices, meaning that users unbox products already compromised.

Once connected to the internet, these devices immediately establish communication with command-and-control (C2) servers operated by cybercriminals.

The malware’s capabilities include turning infected devices into residential proxies, conducting ad fraud, stealing two-factor authentication codes, and installing additional malicious payloads.

Such activities not only compromise user security but also enable attackers to exploit the devices for broader cybercrime operations.

Supply Chain Compromise at the Core

Researchers believe BADBOX’s infiltration stems from supply chain attacks during manufacturing or distribution.

The malware is thought to be derived from the Triada family of Android malware, known for its stealthy backdoor operations.

Devices infected with BADBOX are sold through popular online retailers, making it nearly impossible for consumers to detect the threat before purchase.

A recent sinkhole operation by cybersecurity researchers revealed over 160,000 unique IPs attempting to connect to a single BADBOX C2 server within 24 hours.

This underscores the botnet’s rapid growth and widespread impact across countries such as Russia, China, India, Brazil, Belarus, and Ukraine.

Implications and Response

According to the Censys report, BADBOX’s ability to infect trusted brands raises serious concerns about supply chain integrity and device security.

The malware operates at a firmware level, making it nearly impossible for users to remove without replacing the entire firmware a task beyond most consumers’ capabilities.

German authorities recently disrupted part of the botnet by sinkholing one of its C2 servers, severing communication for approximately 30,000 devices in the country.

Experts recommend immediate action for affected users: disconnect compromised devices from networks and replace them if possible.

Manufacturers are urged to strengthen their supply chain security measures to prevent future incidents.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...

Hackers Leveraging Image & Video Attachments to Deliver Malware

Cybercriminals are increasingly exploiting image and video files to deliver malware, leveraging advanced techniques...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

Autonomous LLMs Reshaping Pen Testing: Real-World AD Breaches and the Future of Cybersecurity

Large Language Models (LLMs) are transforming penetration testing (pen testing), leveraging their advanced reasoning...

Securing GAI-Driven Semantic Communications: A Novel Defense Against Backdoor Attacks

Semantic communication systems, powered by Generative AI (GAI), are transforming the way information is...

Cybercriminals Target IIS Servers to Spread BadIIS Malware

A recent wave of cyberattacks has revealed the exploitation of Microsoft Internet Information Services...