IoT Devices Infected With Pre-Installed Malware

Uploaded on 2024-12-27 in TECHNOLOGY--Hackers, INTELLIGENCE-Hot Spots-China, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

The German Federal Office for Information Security (BSI), has recently taken action against a significant malware threat, blocking around 30k digital picture frames, media players, and other Android-based devices infected with the BadBox malware. BadBox is though to originate from Chinese hackers, who have have been using it to focus on hardware supply chains.

BadBox is a form of Android malware embedded in the device’s firmware, allows cyber criminals to intercept private credentials, install additional malicious software, and exploit the device for illegal activities, including launching distributed denial-of-service (DDoS) attacks. 

The devices, which came pre-loaded with the malicious software, pose substantial risks to users, as they connect automatically to a command-and-control server, giving attackers unauthorised access to sensitive information and control over the devices. According to reports, the malware has also been used to disseminate fake news via email and messaging accounts created on infected devices, as well as for advertising fraud, by accessing websites and generating traffic in the background. In some cases, the malware enables third parties to conduct cyber attacks, distribute illegal content, and engage in other forms of criminal behaviour, all while using the device owner’s Internet connection.

To mitigate the damage, the BSI  has implemented a “sinkhole” measure, redirecting the infected devices’ communication away from the malicious control servers. 

While this prevents further harm, the devices remain vulnerable, as the malware is housed in an immutable  firmware partition that cannot be easily removed. "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure," the agency advisory says.  

BSI’s president, Claudia Plattner, emphasised the risks posed by outdated firmware, which is often the underlying cause of such infections. "Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk... We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

While the BSI has not specified which products were affected, the issue is thought to apply to many different types of device, including smartphones and tablets.

As BadBox malware may go undetected without intervention, users are advised to disconnect any infected devices from the Internet immediately and to check their Internet-capable products for possible  vulnerabilities. 

BSI   |   I-HLS   |   The Record   |   Bleeping Computer   |    Security Week   |   BitDefender  

Image: Ideogram

You Might Also Read: 

Malware Hidden In Software Packages Hits Developers:  

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Ireland - The EU's Data Repository
China Complains About US Cyber Attacks »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Cyber Command

Cyber Command

Our Managed IT service allows clients to offload the management of day-to-day computer, server, and networking support to our team of professionals.

AllClear ID

AllClear ID

AllClear ID provides products and services that help protect people and their personal information from threats related to identity theft.

Zerocopter

Zerocopter

Zerocopter enables you to confidently leverage the skills of the world's most knowledgable ethical hackers to secure your applications.

Fugue

Fugue

Fugue ensures cloud infrastructure stays in continuous compliance with enterprise security policies.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Abion

Abion

At Abion (formerly BRANDIT), we empower your business by providing comprehensive brand protection and web security services.

Adaptive Shield

Adaptive Shield

Addaptive Shield - Complete Control For Your SaaS Security. Proactively find and fix weaknesses across your SaaS platforms.

Global Cybersecurity Association (GCA)

Global Cybersecurity Association (GCA)

GCA’s Symposium and conferences featuring global thought leaders and CISOs provide a global best practice perspective on cybersecurity.

North West Cyber Resilience Centre (NWCRC)

North West Cyber Resilience Centre (NWCRC)

The North West Cyber Resilience Centre is a trusted, not-for-profit venture between Greater Manchester Police and Manchester Digital.

DataSixth Security Consulting

DataSixth Security Consulting

DataSixth delivers Cybersecurity Intelligence. With our unique capabilities, we’re able to deliver value, deliver answers, and deliver actionable security intelligence.

Atomic Data

Atomic Data

Atomic Data is an on-demand, always-on, pay-as-you-go expert extension of your enterprise IT team and infrastructure.

Seccuri

Seccuri

Seccuri is a unique global cybersecurity talent tech platform. Use our specialized AI algorithm to grow and improve the cybersecurity workforce.

Utimaco

Utimaco

UTIMACO develops on-premises and cloud-based hardware security modules, solutions for key management, data protection and identity management as well as data intelligence solutions.

Davinsi Labs

Davinsi Labs

Davinsi Labs helps companies achieve Digital Service Excellence with specialized Security Intelligence and Service Intelligence solutions.

Kusari

Kusari

Securing your software supply chain starts with understanding. Kusari is on a mission to bring transparency to your software supply chain and power secure development.

Ethnos Cyber

Ethnos Cyber

Ethnos Cyber is Africa’s leading cybersecurity and compliance management company. We provide Information Security, Risk Management, Cybersecurity and Compliance Management solutions to clients.