IoT Devices Infected With Pre-Installed Malware

The German Federal Office for Information Security (BSI) has recently taken action against a significant malware threat, blocking around 30,000 digital picture frames, media players and other Android-based devices infected with the BadBox malware. BadBox is thought to originate from Chinese hackers, who have been using it to target hardware supply chains.

BadBox is Android malware embedded in the device’s firmware. It allows cyber criminals to intercept private credentials, install additional malicious software and use the device for illegal activities, including launching distributed denial-of-service (DDoS) attacks.

The devices, which came pre-loaded with the malicious software, pose substantial risks to users, as they connect automatically to a command-and-control server, giving attackers unauthorised access to sensitive information and control over the devices. According to reports, the malware has also been used to disseminate fake news via email and messaging accounts created on infected devices, as well as for advertising fraud, by accessing websites and generating traffic in the background. In some cases, the malware enables third parties to conduct cyber attacks, distribute illegal content, and engage in other forms of criminal behaviour, all while using the device owner’s Internet connection.

To mitigate the damage, the BSI has implemented a “sinkhole” measure: the infected devices’ attempts to reach their malicious control servers are redirected to infrastructure the BSI controls, so the devices can no longer fetch new instructions or payloads.

While this prevents further harm, the devices remain infected, as the malware sits in a read-only firmware partition and cannot easily be removed. "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure," the agency advisory says.

BSI’s president, Claudia Plattner, emphasised the risks posed by outdated firmware, which is often the underlying cause of such infections. "Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk... We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

While the BSI has not specified which products were affected, the issue is thought to apply to many different types of device, including smartphones and tablets.

Because BadBox may go undetected without intervention, users are advised to disconnect any infected device from the Internet immediately and to check their Internet-capable products for possible vulnerabilities.
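How a sinkhole of the kind the BSI describes works, and how the owner of a home or office network can use their own resolver logs to find which device is the infected one, as an added example (this is not BSI code and not a real BadBox indicator list): the toy resolver policy below answers lookups for a blocklist of command-and-control zones with an address the defender controls, and the triage function walks dnsmasq-style query-log lines to list the clients that tried to reach those zones. The zone names, the sinkhole address 192.0.2.53 and the log lines are all constructed placeholders; real indicators have to come from the BSI or a vendor advisory.

```python
"""Toy DNS sinkhole policy and infected-device triage.

Added example, not BSI's code. The blocked zones, the sinkhole address and
the log lines are constructed placeholders, not real BadBox indicators.
"""
from collections import OrderedDict
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple
import ipaddress

# Address the defender controls; 192.0.2.0/24 is a documentation range (RFC 5737).
SINKHOLE_IP = "192.0.2.53"

# Placeholder command-and-control zones. Real indicators come from the BSI or a vendor advisory.
BLOCKED_ZONES = {"c2-placeholder.example", "update-placeholder.example"}


def zone_match(qname: str) -> Optional[str]:
    """Return the blocked zone that qname equals or sits under, else None.

    Walks the labels right to left so 'api.c2-placeholder.example' matches
    'c2-placeholder.example' but 'notc2-placeholder.example' does not
    (a plain substring check would wrongly match the latter).
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in BLOCKED_ZONES:
            return candidate
    return None


def resolve(qname: str, upstream_answer: str) -> Tuple[str, bool]:
    """Sinkhole policy: a blocked name gets SINKHOLE_IP; anything else passes through.

    Returns (answer, sinkholed). The malware still "resolves" its C2 name, but the
    resulting connection lands on a server the defender controls and can log.
    """
    if zone_match(qname) is not None:
        return SINKHOLE_IP, True
    return upstream_answer, False


@dataclass
class Hit:
    """Per-client summary of lookups that would have been sinkholed."""
    count: int = 0
    zones: set = field(default_factory=set)
    first_seen: str = ""
    last_seen: str = ""


def parse_dnsmasq_line(line: str) -> Optional[Tuple[str, str, str]]:
    """Parse 'Mon DD HH:MM:SS dnsmasq[pid]: query[A] name from client' into
    (timestamp, qname, client); returns None for lines that are not queries."""
    parts = line.split()
    if len(parts) < 8 or not parts[4].startswith("query[") or parts[6] != "from":
        return None
    try:
        ipaddress.ip_address(parts[7])  # drop lines with a garbled client field
    except ValueError:
        return None
    return " ".join(parts[:3]), parts[5], parts[7]


def triage(log_text: str) -> Dict[str, Hit]:
    """Return {client_ip: Hit} for every client whose queries hit a blocked zone.

    This is the device-owner side of the advice to check Internet-capable products:
    the resolver log shows which device on the LAN is the one beaconing.
    """
    hits: Dict[str, Hit] = OrderedDict()
    for line in log_text.splitlines():
        parsed = parse_dnsmasq_line(line)
        if parsed is None:
            continue
        ts, qname, client = parsed
        zone = zone_match(qname)
        if zone is None:
            continue
        hit = hits.setdefault(client, Hit(first_seen=ts))
        hit.count += 1
        hit.zones.add(zone)
        hit.last_seen = ts
    return hits


# Constructed dnsmasq-style query log; 192.168.1.42 and .77 play the infected devices.
SAMPLE_LOG = """\
Dec 13 09:01:02 dnsmasq[1234]: query[A] ntp.example.net from 192.168.1.20
Dec 13 09:01:05 dnsmasq[1234]: query[A] api.c2-placeholder.example from 192.168.1.42
Dec 13 09:01:09 dnsmasq[1234]: query[A] www.example.org from 192.168.1.20
Dec 13 09:02:11 dnsmasq[1234]: query[A] update-placeholder.example from 192.168.1.42
Dec 13 09:02:40 dnsmasq[1234]: reply www.example.org is 93.184.216.34
Dec 13 09:03:30 dnsmasq[1234]: query[A] cdn.update-placeholder.example from 192.168.1.77
"""

if __name__ == "__main__":
    for client, hit in triage(SAMPLE_LOG).items():
        print(f"{client}: {hit.count} sinkholed lookups, zones={sorted(hit.zones)}, "
              f"first={hit.first_seen}, last={hit.last_seen}")
```

The point of the label walk in zone_match is that a sinkhole has to catch every subdomain the malware might generate under a blocked zone without also catching unrelated names that merely contain the string. On a real network the same triage runs over Pi-hole, dnsmasq or Unbound query logs; a device that keeps resolving names in a sinkholed zone after a reboot is the one the BSI advisory tells you to take offline.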

BSI | I-HLS | The Record | Bleeping Computer | Security Week | BitDefender

Image: Ideogram
