Tuesday, July 23, 2024
Thousands of Android TV boxes infected by malware linked to fraud – Singapore News

Infected devices made in China, where the malware is secretly installed in them

In a startling revelation, cybersecurity firm Human Security has exposed a troubling trend. The firm has identified numerous Android TV boxes, and at least one tablet, that come pre-infected with malicious Triada-based malware.

This malware poses significant threats, including ad fraud, the creation of counterfeit accounts, and unauthorized access to home networks by surreptitiously funnelling data to servers located in China, as reported by Tom’s Guide.

Android TV boxes infected by malware linked to fraud

Human Security’s latest report has alarmed the tech community as it sheds light on the prevalence of these infected devices. Researchers at the firm have uncovered disturbing evidence that several models of Android TV boxes and one tablet are shipped with perilous firmware backdoors, making them challenging to detect and remove.

The magnitude of the threat is staggering, with at least 74,000 Android mobile phones, tablets, and connected TV boxes worldwide exhibiting signs of infection. What’s even more troubling is the revelation that approximately 200 different Android device models may be affected by this malware, as reported by Wired.

Identified compromised devices

In their investigation, the cybersecurity experts pinpointed eight devices with these malicious backdoors installed from the outset. These devices encompass seven TV boxes, specifically the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, along with a tablet identified as J5-W. These devices have a diverse user base, ranging from households to businesses and schools across the United States.

Gavin Reid, Human Security’s Chief Information Security Officer (CISO), emphasized the global reach of this fraudulent operation, stating, “This is a truly distributed way of doing fraud.” Law enforcement agencies have been provided with detailed information regarding the potential origins of these compromised devices.

So, how does this scheme operate? The infected devices are manufactured in China, where, at some point during the commercial supply chain process, a malware-based firmware backdoor is clandestinely integrated. This backdoor is constructed using the notorious Triada malware, which acts as a “downloader” primarily designed to establish a gateway for installing other malicious software. These infections, known as Badbox infections, are intricately linked to a vast network of fraud and cybercrime.

Gavin Reid explained the modus operandi of the malware, saying, “Unbeknownst to the user, when you plug this thing in, it goes to a command and control (C2) in China and downloads an instruction set and starts doing a bunch of bad stuff.”

Fraudulent activities

Once hackers gain access to these compromised devices, they employ them for various types of fraudulent activities, including:

- advertising fraud
- creation of fake Gmail and WhatsApp accounts
- remote code installations

The group orchestrating this scheme reportedly sells access to residential networks on the black market and claims to have control over millions of mobile IP addresses.

Human Security reported that the operators behind BadBox have recently taken down their command-and-control servers, presumably to adapt and evade detection in response to heightened scrutiny. Consumers are strongly advised against using the infected devices, as the malware is deeply embedded in the firmware partition, making it exceptionally challenging to remove without technical expertise.

Gavin Reid offered valuable advice to potential buyers in the market for a new TV streaming box, recommending that they go for familiar brands and stick to devices from reputable manufacturers.

As we become more reliant on technology, it’s important to be vigilant and cautious to protect oneself from such harmful threats.
