BADBOX Cybersecurity Alert: Massive Malware Scheme and Ongoing Threats

09.10.2023 posted by Admin

BADBOX: Cyber Threat Unveiled, Device Breach Continues

In a nutshell: cybersecurity firm Human Security recently exposed a supply-chain attack scheme called BADBOX, in which off-brand Android phones, tablets and Connected TV (CTV) boxes were sold online with the known Triada malware family already baked into their firmware, so the devices were compromised before they ever reached the buyer. Human identified more than 200 affected device models, and roughly 80% of the units it purchased and tested were infected out of the box.

Further investigation of these devices revealed an ad-fraud module named PEACHPIT, which at its peak ran on a botnet of 121,000 Android devices per day and also reached 159,000 iOS devices per day, the latter through associated PEACHPIT apps published in the app stores rather than through preinstalled firmware. Together these devices silently generated more than four billion ad requests per day without their owners' knowledge.

Human Security worked with Apple and Google to disrupt PEACHPIT (the associated apps were removed from both app stores), but it warns that BADBOX devices are still widely available, and because the backdoor lives in the firmware a factory reset does not remove it. A compromised device can steal personal information, run hidden bots, act as a residential proxy exit node for other people's traffic, steal cookies, and carry out various other kinds of fraud.

Moving on to another issue: it has been four months since the SQL injection vulnerability in Progress Software's MOVEit Transfer file-transfer product (CVE-2023-34362) was publicly disclosed, and victims are still surfacing. Sony recently confirmed that its MOVEit server was compromised through this flaw, exposing personal data of 6,791 current and former U.S. employees.

Notably, the intrusion dates back to May, days before the vulnerability was public, yet Sony only notified the affected people in October. Weeks earlier, Sony had also been dealing with a separate claim by another group that it had hacked the company.

In other news, a severe vulnerability in curl, the ubiquitous command-line URL transfer tool, has been pre-announced, with a fixed release (curl 8.4.0) due on October 11. Since the same code ships as the libcurl library embedded in countless other products, patching means rebuilding everything that bundles libcurl, not just updating the command-line binary. Additionally, Qakbot, a long-running malware operation, appears to have survived the international takedown of its infrastructure in August, with its operators still observed distributing malware.

Lastly, genetics firm 23andMe suffered a credential-stuffing attack, in which attackers logged into accounts using username and password pairs leaked from breaches of other websites, and stole personal information including genetic ancestry data. The attack worked because the affected users had reused the same credentials across multiple sites, and the damage went beyond those accounts: once logged in, the attackers scraped profile data that other users had shared with them through 23andMe's opt-in DNA Relatives feature. The incident underlines the value of unique passwords, a password manager, and two-factor authentication wherever it is offered. For service operators it is also a reminder to rate-limit logins, check submitted passwords against known-breached lists, and watch for the telltale pattern of many different accounts being tried from the same source.
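As an added example (not code from 23andMe, Human Security or the original post), the following Python script shows the simplest form of that detection run over authentication logs: it groups login attempts by source address and flags any source that tries many distinct accounts with a high failure rate, then lists the accounts that nevertheless succeeded from a flagged source, which are the ones to force a password reset on. The log format, field names, thresholds and sample lines are all assumptions constructed for illustration; a real deployment would read its own identity-provider or WAF log format.

```python
"""Credential-stuffing detection over authentication logs (illustrative).

Assumed log line format (constructed for this example):
    <timestamp> ip=<source addr> user=<account> result=<ok|fail>
"""
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample log: 203.0.113.7 sprays eight different accounts and
# gets into one of them; the other two sources are ordinary users.
SAMPLE_LOG = """\
2023-10-05T10:00:01Z ip=203.0.113.7 user=alice result=fail
2023-10-05T10:00:01Z ip=203.0.113.7 user=bob result=fail
2023-10-05T10:00:02Z ip=203.0.113.7 user=carol result=ok
2023-10-05T10:00:02Z ip=203.0.113.7 user=dave result=fail
2023-10-05T10:00:03Z ip=203.0.113.7 user=erin result=fail
2023-10-05T10:00:03Z ip=203.0.113.7 user=frank result=fail
2023-10-05T10:00:04Z ip=203.0.113.7 user=grace result=fail
2023-10-05T10:00:04Z ip=203.0.113.7 user=heidi result=fail
2023-10-05T10:02:10Z ip=198.51.100.4 user=alice result=fail
2023-10-05T10:02:20Z ip=198.51.100.4 user=alice result=ok
2023-10-05T10:05:00Z ip=198.51.100.9 user=bob result=ok
"""


@dataclass
class SourceStats:
    """Per-source-address counters accumulated while scanning the log."""
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)      # distinct accounts tried
    successes: set = field(default_factory=set)  # accounts that logged in


def parse_line(line):
    """Split one assumed-format log line into ip / user / ok fields."""
    fields = dict(part.split("=", 1) for part in line.split()[1:])
    return {"ip": fields["ip"], "user": fields["user"],
            "ok": fields["result"] == "ok"}


def flagged_sources(lines, min_users=5, min_fail_ratio=0.8):
    """Return {ip: [accounts that succeeded from ip]} for every source that
    tried at least `min_users` distinct accounts and failed at least
    `min_fail_ratio` of its attempts. A normal user retyping a password
    touches one account; a stuffing run touches many and mostly fails."""
    stats = defaultdict(SourceStats)
    for line in lines:
        rec = parse_line(line)
        s = stats[rec["ip"]]
        s.attempts += 1
        s.users.add(rec["user"])
        if rec["ok"]:
            s.successes.add(rec["user"])
        else:
            s.failures += 1
    return {ip: sorted(s.successes) for ip, s in stats.items()
            if len(s.users) >= min_users
            and s.failures / s.attempts >= min_fail_ratio}


def accounts_to_reset(lines, **thresholds):
    """Accounts that were successfully logged into from a flagged source:
    the credentials are evidently reused and known to the attacker."""
    hits = flagged_sources(lines, **thresholds)
    return sorted({user for users in hits.values() for user in users})


if __name__ == "__main__":
    log_lines = SAMPLE_LOG.splitlines()
    for ip, users in flagged_sources(log_lines).items():
        print(f"stuffing source {ip}: compromised accounts {users}")
    print("force password reset for:", accounts_to_reset(log_lines))
```

The per-source view is only a first line of defence: an attacker who routes the attempts through thousands of residential proxy exit nodes (exactly what infected BADBOX devices provide) spreads each source over a handful of accounts and stays under any per-IP threshold. The complementary per-account signals are a successful login from a device or region the account has never used, a success immediately following a burst of failures, and a password that appears in a breached-credential list; 2FA is what turns a stolen password from a compromise into a failed attempt.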