Cybercriminals staged a massive operation, selling more than 200 devices pre-infected with malware. They also launched a vast advertising fraud network, generating billions of requests daily through fake applications on the Play Store and the App Store. The case is detailed by experts at Human.
Cybersecurity company Human has just published a detailed report on a massive operation called BadBox that sells devices pre-infected with malware, as well as PeachPit, its ad fraud network that generates revenue by creating fake views or clicks on mobile ads.
The BadBox operation sells unbranded mobiles and connected TVs, made in China and infected with Triada, an Android malware whose first version was discovered in 2016. BadBox operators can then use it to download other malware. Human has detected more than 200 types of Android devices infected with BadBox. Despite the scale of the operation, it only affects unbranded devices of Chinese origin. However, cybercriminals have also targeted other devices to create a botnet named PeachPit.
More than 4 billion advertising requests per day
BadBox operators distributed a total of 39 fake applications for mobiles and connected TVs, published on the Google Play Store and the Apple App Store. At its peak, the network had 121,000 Android devices and 159,000 iOS devices, spread across 227 countries. The apps were reportedly installed more than 15 million times in total and allowed cybercriminals to steal personal data, use the infected device as a proxy for other devices (which access the Internet through it, to bypass blocks or to hide the origin of criminal activities), and engage in advertising fraud. The PeachPit network thus generated an average of 4 billion advertising requests per day.
Human says it worked with Apple and Google to take down PeachPit, and the cybercriminals also removed the malware from BadBox devices. However, on BadBox devices sold pre-infected, the Triada malware is located on a read-only partition, so it is impossible for the average user to remove it. Human therefore advises against purchasing devices that do not have Google's Play Protect certification.