IoT Devices Infected With Pre-Installed Malware

The German Federal Office for Information Security (BSI), has recently taken action against a significant malware threat, blocking around 30k digital picture frames, media players, and other Android-based devices infected with the BadBox malware. BadBox is though to originate from Chinese hackers, who have have been using it to focus on hardware supply chains.

BadBox is a form of Android malware embedded in the device’s firmware, allows cyber criminals to intercept private credentials, install additional malicious software, and exploit the device for illegal activities, including launching distributed denial-of-service (DDoS) attacks. 

The devices, which came pre-loaded with the malicious software, pose substantial risks to users, as they connect automatically to a command-and-control server, giving attackers unauthorised access to sensitive information and control over the devices. According to reports, the malware has also been used to disseminate fake news via email and messaging accounts created on infected devices, as well as for advertising fraud, by accessing websites and generating traffic in the background. In some cases, the malware enables third parties to conduct cyber attacks, distribute illegal content, and engage in other forms of criminal behaviour, all while using the device owner’s Internet connection.

To mitigate the damage, the BSI  has implemented a “sinkhole” measure, redirecting the infected devices’ communication away from the malicious control servers. 

While this prevents further harm, the devices remain vulnerable, as the malware is housed in an immutable  firmware partition that cannot be easily removed. "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure," the agency advisory says.  

BSI’s president, Claudia Plattner, emphasised the risks posed by outdated firmware, which is often the underlying cause of such infections. "Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk... We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

While the BSI has not specified which products were affected, the issue is thought to apply to many different types of device, including smartphones and tablets.

As BadBox malware may go undetected without intervention, users are advised to disconnect any infected devices from the Internet immediately and to check their Internet-capable products for possible  vulnerabilities. 

BSI   |   I-HLS   |   The Record   |   Bleeping Computer   |    Security Week   |   BitDefender  

Image: Ideogram

You Might Also Read: 

Malware Hidden In Software Packages Hits Developers:  


If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible



 

« Ireland - The EU's Data Repository
China Complains About US Cyber Attacks »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

IT Security Guru

IT Security Guru

IT Security Gurus publish daily breaking news. interviews with the key thinkers in IT security, videos and the top 10 stories as picked by our Editor.

Latham & Watkins LLP

Latham & Watkins LLP

Latham & Watkins is an international law firm. Practice areas include Data Privacy, Security and Cybercrime.

Cloudbric

Cloudbric

Cloudbric is a cloud-based web security service, offering award-winning WAF, DDoS protection, and SSL, all in a full-service package.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Think Cyber Security (ThinkCyber)

Think Cyber Security (ThinkCyber)

ThinkCyber is a Tel Aviv-based Israeli company with a team of cybersecurity professionals who are experts in both information and operations technology.

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

ExpressVPN

ExpressVPN

ExpressVPN is a Virtual Private Network services provider offering secure encrypted access to the internet.

Kickstart

Kickstart

Kickstart supports your startup in scaling deep technology businesses in Switzerland in areas such as AI, Blockchain and Cybersecurity.

Soffid

Soffid

Soffid provides full Single-Sign-On experience and full Identity and Access Management features by policy-based centralised orchestration of user identities.

Predatech

Predatech

A cyber security consultancy offering a range of services, including CREST accredited penetration testing, vulnerability assessments and certifications incl. Cyber Essentials & Cyber Essentials Plus.

Truesec

Truesec

TRUESEC has an exceptional mix of IT specialists. We are true experts in cyber security, advanced IT infrastructure and secure development.

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance (MCSA)

Midwest Cyber Security Alliance is a nonprofit, nonpartisan collaboration of individuals, businesses, government entities, and professionals advocating for more effective cyber security solutions.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

CXI Solutions

CXI Solutions

CXI Solutions: Your trusted partner in cybersecurity. We offer a full range of cybersecurity solutions to protect your business from digital attacks and virtual threats.

Linx Security

Linx Security

The Linx Identity Security platform enables identity, security, and IT ops teams to finally control the whole identity lifecycle.

Thero6

Thero6

Thero6 develop dynamic financial analysis algorithms that help prevent coin collapses and theft of cryptocurrency funds by identifying the transaction absolutely throughout the chain.