December 19 (Portaltic/EP) –
The German Federal Information Security Office (BSI) has warned of the persistence of the BadBox ‘malware’, which comes integrated by default in more than 30,000 IoT devices running the Android operating system, such as digital frames or ‘smartphones’, marketed in Germany.
BadBox, also known as BadBox Loader, is a Trojan-type ‘backdoor’ ‘malware’ that comes pre-installed on Android devices during the manufacturing process. It allows attackers to carry out malicious activities and gives them a backdoor through which the terminal can be enrolled in a botnet.
This malicious software gives attackers remote control of infected devices and lets them execute arbitrary commands on them. It also extracts and steals sensitive information from the system, such as one-time passwords or login credentials, as pointed out by the National Cybersecurity Institute (INCIBE).
BadBox may also create email and messaging accounts without consent, to be used later to spread fake news, and it can act as a residential proxy. This lets third parties use the infected device’s internet bandwidth and ‘hardware’ to route their own traffic, frequently for criminal operations that then appear to originate from the user’s IP address.
The German Federal Information Office (BSI) recently announced that it has halted a campaign of this ‘malware’, which came pre-installed on more than 30,000 IoT devices with the Android operating system distributed in Germany.
In addition to smartphones, BadBox was found in digital photo frames, Internet-connected media players and tablets, among other devices. The office also noted in a statement that all of these terminals have one thing in common: they ship with obsolete versions of the operating system.
To stop this attack, the agency blocked communication between the infected devices and their command and control (C2) infrastructure. Specifically, it redirected the devices’ Domain Name System (DNS) requests so that the ‘malware’ communicated with servers controlled by the police instead of with the attacker-managed servers.
This communications sinkhole prevents the malware from sending data stolen from infected systems to the attackers and from receiving new commands to execute on the infected device, which stops BadBox from operating.
The BSI has indicated that internet service providers will notify affected customers and device owners, identified by their IP address. Because BadBox is integrated into the firmware of these devices, once the alert is received the device in question must be disconnected and either returned to the shop where it was purchased or discarded.
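The sinkhole described above, reduced to its core logic: C2 lookups are answered with a police-controlled address and the querying IP is recorded so that ISPs can notify the owner. This is an added example, not part of the article or of the BSI’s tooling; the C2 domain names and the sinkhole address are constructed placeholders, since the article names none.

```python
import struct
from dataclasses import dataclass, field

# Constructed placeholders: the article names no BadBox C2 domains, so these
# .invalid names and a 192.0.2.0/24 documentation address stand in for the
# real C2 hostnames and the police-controlled sinkhole server.
SINKHOLE_DOMAINS = {"c2.badbox-example.invalid", "update.badbox-example.invalid"}
SINKHOLE_IP = "192.0.2.53"


def build_query(qname: str, txid: int = 0x1234) -> bytes:
    """Build a minimal DNS A query in wire format (used here as test input)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = b"".join(bytes([len(l)]) + l.encode("ascii") for l in qname.split("."))
    return header + labels + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN


def parse_qname(msg: bytes, offset: int = 12):
    """Return (lower-cased QNAME, offset just past its terminating zero label)."""
    labels = []
    while msg[offset] != 0:
        length = msg[offset]
        labels.append(msg[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length
    return ".".join(labels).lower(), offset + 1


def answer_ip(resp: bytes) -> str:
    """Extract the IPv4 address from the single A record a sinkhole reply carries."""
    return ".".join(str(b) for b in resp[-4:])


@dataclass
class Sinkhole:
    # (client_ip, domain) pairs: the evidence an ISP would use to notify owners
    hits: list = field(default_factory=list)

    def handle(self, msg: bytes, client_ip: str):
        """Answer a C2 lookup with the sinkhole address; return None otherwise."""
        txid = struct.unpack(">H", msg[:2])[0]
        qname, end = parse_qname(msg)
        if qname not in SINKHOLE_DOMAINS:
            return None  # benign name: leave it to normal resolution
        self.hits.append((client_ip, qname))
        question = msg[12:end + 4]  # QNAME + QTYPE + QCLASS, echoed back
        # Flags 0x8180: response, recursion desired/available, NOERROR; 1 answer
        header = struct.pack(">HHHHHH", txid, 0x8180, 1, 1, 0, 0)
        rdata = bytes(int(o) for o in SINKHOLE_IP.split("."))
        # 0xC00C = compression pointer to the QNAME at offset 12; TTL 60 s; 4-byte A
        answer = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 60, 4) + rdata
        return header + question + answer
```

A real deployment would wrap `Sinkhole.handle` in a UDP server on port 53 and forward non-matching queries upstream; the hit log is what maps an infected IP address to a customer for notification.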
“Unfortunately, malware in Internet-connected products is not an uncommon phenomenon. Obsolete firmware versions pose a great risk,” said the president of the BSI, Claudia Plattner, who stressed that both “manufacturers and distributors have the responsibility of ensuring that these types of devices do not reach the market.”
In statements collected by BleepingComputer, the BSI head also stressed that “consumers can also do something”, because “cybersecurity should be an important criterion when purchasing.”