Infected mobile devices and massive ad fraud exposed by Human – Futura

Cybercriminals ran a major operation in which they sold more than 200 devices that were already infected with malware. They also created a massive ad fraud network that generates billions of requests every day through fake applications on the Play Store and App Store. The case is described in detail by Human's experts.

Cybersecurity company Human has published a detailed report on a massive operation called BadBox, which sells devices pre-infected with malware, as well as PeachPit, its ad fraud network that generates revenue by creating fake views or clicks on mobile ads.

The BadBox operation sells unbranded mobile phones and connected TVs that are made in China and infected with Triada, an Android malware whose first version was discovered in 2016. BadBox operators can then use Triada to download additional malware. Human has discovered more than 200 types of Android devices infected with BadBox. Despite the scale of the operation, it only involves unbranded devices of Chinese origin. However, the cybercriminals have also targeted other devices to create a botnet called PeachPit.

More than 4 billion advertising requests per day

The BadBox operators distributed a total of 39 fake applications for mobile phones and connected TVs, which were published on the Google Play Store and the Apple App Store. At its peak, the network had 121,000 Android devices and 159,000 iOS devices spread across 227 countries. The apps were reportedly installed more than 15 million times in total and allowed the cybercriminals to steal personal information, use the infected device as a proxy for other devices (accessing the Internet through the infected device to bypass blocks or hide the origin of criminal activity), and engage in advertising fraud. The PeachPit network generated an average of 4 billion advertising requests per day.

Human says it worked with Apple and Google to take down PeachPit and that the cybercriminals also removed the malware from BadBox devices. However, on BadBox devices that were sold already infected, the Triada malware resides on a read-only partition, so it is impossible for the average user to eliminate it. Human therefore advises against purchasing devices that do not have Google’s Play Protect certification.