Germany Disrupts BADBOX Malware on 30,000 Devices Using Sinkhole Action

Category	Details
Threat Actors	Unknown threat actors, primarily operating out of China
Campaign Overview	BSI disrupted the BADBOX malware operation preloaded on at least 30,000 internet-connected devices in Germany, targeting low-cost devices.
Target Regions (Victims)	Germany, internet-connected devices across the country (digital picture frames, media players, streamers, phones, tablets)
Methodology	Sinkholing C2 domains, exploiting supply chain vulnerabilities, embedding malware during device manufacturing
Product Targeted	Off-brand Android devices, digital picture frames, media players, streaming devices, phones, tablets
Malware Reference	BADBOX (Triada malware embedded in devices)
Tools Used	Sinkholing domains, command-and-control (C2) server communication disruption, exploit tools for weak supply chain vulnerabilities
Vulnerabilities Exploited	Weak supply chain links, outdated Android firmware pre-installed with malware, compromised manufacturing processes
TTPs	Ad fraud botnet PEACHPIT, spoofing apps, data collection (authentication codes), proxy routing, malware installation
Attribution	Operating out of China, linked to supply chain exploitation, targeting low-cost Android devices
Recommendations	Internet providers instructed to redirect traffic to sinkholes, consumers urged to disconnect affected devices from the internet immediately
Source	The Hackers News

Read full article: https://thehackernews.com/2024/12/germany-disrupts-badbox-malware-on.html

The above summary has been generated by an AI language model