After a researcher discovered that an Android TV streaming box, known as T95, was infected with preloaded malware, researchers at Human Security released information regarding the extent of infected devices and how malicious schemes are connected to these corrupted products.
Daniel Milisic, a systems security consultant, created a script alongside instructions to help other users mitigate the threat after first coming across the issue. Now, Human Security’s threat intelligence and research team has dubbed the operation “Bandbox,” which it characterizes as a complex, interconnected series of ad fraud schemes on a massive scale.
Human Security describes the operation as “a global network of consumer products with firmware backdoors installed and sold through a normal hardware supply chain.” Once activated, the malware on the devices connect to a command-and-control (C2) server for further instructions. In tandem, a botnet known as Peachpit is integrated with Badbox, and engages in ad fraud, residential proxy services, fake email/messaging accounts, and unauthorized remote code installation.
Comments are closed.