Source URL: https://www.theregister.com/2025/03/07/badbox_botnet_returns/
Source: The Register
Title: The Badbox botnet is back, powered by up to a million backdoored Androids
Feedly Summary: Best not to buy cheap hardware and use third-party app stores if you want to stay clear of this vast ad fraud effort
Human Security’s Satori research team says it has found a new variant of the remote-controllable Badbox malware, and as many as a million infected Android devices running it to form a massive botnet.…
AI Summary and Description: Yes
Summary: The text outlines a significant security threat posed by a new variant of the Badbox malware, which has infected nearly a million Android devices. This malware forms a botnet that conducts extensive ad fraud and operates through a complex scheme involving supply chain manipulation and malware-laden applications.
Detailed Description:
– The Satori research team from Human Security has identified a new variant of the Badbox malware, which has infected close to a million Android devices.
– The malware primarily targets devices running the Android Open Source Project (AOSP), including low-cost smartphones, internet-connected TV boxes, tablets, and digital projectors.
– Initial outbreaks of Badbox were spotted in 2023, involving devices sold as knock-offs of reputable brands like Apple TV and Amazon Fire.
– Gavin Reid, CISO of Human Security, revealed that the botnet's operators tamper with cheap hardware in the supply chain, implanting malware in either the firmware or in popular apps, and then sell the modified products.
– Over 200 apps found on third-party Android app stores are infected. These apps often imitate legitimate applications, tricking users in developing regions into downloading them.
– The scale of the Badbox 2.0 scheme is reportedly much larger than previous iterations, characterized by an increase in targeted device types, infection rates, and operational complexity.
– The botnet generates hidden advertising clicks and views, which makes the fraud difficult for legitimate ad networks to detect.
– The operators obfuscate their activity so that fraudulent traffic blends in with legitimate traffic, making it hard for defenses to single it out.
– Satori’s findings indicate the malware is also capable of stealing passwords input on compromised devices.
– Even after interventions by Human Security and other organizations, around 500,000 devices remain infected, though proactive measures are underway to reduce this number.
– The conclusion is that, despite this progress, the criminals behind Badbox 2.0 are likely to evolve their tactics and attempt to revive the operation.
**Key Insights for Security Professionals:**
– Continuous monitoring and updating of security measures are crucial, especially on devices using AOSP.
– Collaboration between organizations like Human Security and Google is vital in tackling botnet threats.
– Awareness of the risks posed by third-party app stores is essential for both consumers and cybersecurity professionals.
– Robust detection measures are urgently needed to identify and mitigate both the ad fraud and the data theft tactics employed by malware operators.
Overall, the text provides critical insights into the evolving landscape of malware threats, particularly those exploiting vulnerabilities in Android ecosystems and supply chains, underlining the importance of vigilance in security practices.