| Category | Details |
|---|---|
| Threat Actors | Unknown threat actors, primarily operating out of China |
| Campaign Overview | Germany's BSI disrupted the BADBOX malware operation, which was preloaded on at least 30,000 internet-connected, low-cost devices in Germany. |
| Target Regions (Victims) | Germany; internet-connected devices across the country (digital picture frames, media players, streamers, phones, tablets) |
| Methodology | Threat actors: embedding the malware into devices during manufacturing via supply-chain compromise. BSI response: sinkholing the malware's C2 domains. |
| Product Targeted | Off-brand Android devices, digital picture frames, media players, streaming devices, phones, tablets |
| Malware Reference | BADBOX (Triada malware embedded in devices) |
| Tools Used | Threat actors: supply-chain compromise of weakly controlled manufacturing links. BSI response: domain sinkholing to disrupt command-and-control (C2) communication. |
| Vulnerabilities Exploited | Weak supply-chain links, outdated Android firmware shipped with malware pre-installed, compromised manufacturing processes |
| TTPs | Ad-fraud botnet PEACHPIT, spoofing apps, data collection (authentication codes), proxy routing, malware installation |
| Attribution | Operating out of China; linked to supply-chain exploitation targeting low-cost Android devices |
| Recommendations | Internet providers instructed to redirect traffic to sinkholes; consumers urged to disconnect affected devices from the internet immediately |
| Source | The Hacker News |
Read the full article: https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html
The above summary has been generated by an AI language model