IoT Devices Infected With Pre-Installed Malware

The German Federal Office for Information Security (BSI) has recently taken action against a significant malware threat, blocking around 30,000 digital picture frames, media players and other Android-based devices infected with the BadBox malware. BadBox is thought to originate from Chinese threat actors, who have been using it to compromise hardware supply chains so that devices ship with the malware already installed.

BadBox is a form of Android malware embedded in the device's firmware. It allows cyber criminals to intercept private credentials, install additional malicious software and exploit the device for illegal activities, including launching distributed denial-of-service (DDoS) attacks.

The devices, which came pre-loaded with the malicious software, pose substantial risks to users: as soon as they are online they connect automatically to a command-and-control server, giving attackers unauthorised access to sensitive information and control over the devices. According to reports, the malware has also been used to disseminate fake news via email and messaging accounts created on infected devices, and for advertising fraud, by visiting websites and generating traffic in the background. In some cases the malware lets third parties conduct cyber attacks, distribute illegal content and engage in other forms of criminal behaviour, all using the device owner's Internet connection, so the owner's address is what appears in any victim's logs.

To mitigate the damage, the BSI has implemented a "sinkhole" measure, redirecting the infected devices' command-and-control communication away from the malicious servers and towards infrastructure the BSI controls. Sinkholing cuts the attackers' channel to the devices; it does not remove the malware from them.

While this prevents further harm, the devices remain compromised, because the malware is housed in a non-writable firmware partition and cannot easily be removed by the user. "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure," the agency's advisory says.

BSI’s president, Claudia Plattner, emphasised the risks posed by outdated firmware, which is often the underlying cause of such infections. "Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk... We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

While the BSI has not specified which products were affected, the issue is thought to apply to many different types of device, including smartphones and tablets.

As a BadBox infection may go unnoticed without intervention, users are advised to disconnect any infected devices from the Internet immediately and to check their other Internet-capable products for possible vulnerabilities and out-of-date firmware.
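Neither the BSI advisory nor the reports it is based on say how a home or small-office user should carry out that check, but two signals follow directly from the behaviour described above: a device that looks up the same name at a near-constant interval is beaconing to a controller, and a device whose lookups now resolve into a sinkhole range is one the sinkhole has caught. The script below is an added example written for this page, not BSI code or any BadBox indicator. The router log lines, the client addresses, the C2 name cfg.frame-update.invalid and the sinkhole prefix 203.0.113.0/24 are all constructed for illustration; a real check would substitute the operator's own DNS logs and the sinkhole ranges published by the CERT concerned.

```python
"""Flag beaconing clients and sinkholed clients in a router DNS log.

Added illustration for this page; not BSI tooling. All names and
addresses below are constructed (RFC 5737 / RFC 2606 reserved ranges).
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime
import ipaddress
import statistics

# Constructed sample log: "<ISO time> <client IP> <queried name> <answer IP>".
# 192.168.1.23 stands in for a picture frame phoning home every 10 minutes;
# 192.168.1.40 is an ordinary laptop with irregular browsing.
SAMPLE_LOG = """\
2024-12-13T08:00:00 192.168.1.23 cfg.frame-update.invalid 203.0.113.10
2024-12-13T08:00:02 192.168.1.40 www.example.com 198.51.100.34
2024-12-13T08:03:41 192.168.1.40 cdn.example.net 198.51.100.77
2024-12-13T08:10:00 192.168.1.23 cfg.frame-update.invalid 203.0.113.10
2024-12-13T08:15:17 192.168.1.40 www.example.com 198.51.100.34
2024-12-13T08:20:00 192.168.1.23 cfg.frame-update.invalid 203.0.113.10
2024-12-13T08:21:09 192.168.1.40 mail.example.org 198.51.100.80
2024-12-13T08:30:00 192.168.1.23 cfg.frame-update.invalid 203.0.113.10
2024-12-13T08:33:50 192.168.1.40 www.example.com 198.51.100.34
2024-12-13T08:40:00 192.168.1.23 cfg.frame-update.invalid 203.0.113.10
2024-12-13T08:40:12 192.168.1.40 cdn.example.net 198.51.100.77
"""

# Hypothetical sinkhole range. A CERT that seizes a C2 domain points it at
# addresses it controls; this prefix stands in for such a range and is NOT a
# real BSI address (assumption for the example).
SINKHOLE_NETS = [ipaddress.ip_network("203.0.113.0/24")]


@dataclass(frozen=True)
class Record:
    ts: datetime
    client: str
    qname: str
    answer: str


def parse_log(text):
    """Parse the four-column log into Record objects, skipping malformed lines."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, client, qname, answer = parts
        try:
            records.append(Record(datetime.fromisoformat(ts), client, qname.lower(), answer))
        except ValueError:  # unparsable timestamp
            continue
    return records


def find_beacons(records, min_hits=4, max_jitter=0.2):
    """Return {(client, qname): mean_gap_seconds} for pairs whose lookups recur
    at near-constant intervals. max_jitter bounds the coefficient of variation
    (stdev / mean) of the gaps between consecutive lookups; malware usually
    adds a little jitter, so 0 would miss it and 0.2 is a reasonable default."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r.client, r.qname)].append(r.ts)
    beacons = {}
    for pair, stamps in by_pair.items():
        if len(stamps) < min_hits:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[pair] = mean
    return beacons


def sinkholed_clients(records, nets=SINKHOLE_NETS):
    """Clients whose lookups resolved into a sinkhole range: once a CERT has
    redirected a C2 domain, this is the most direct sign that a device on the
    network is still trying to reach it."""
    hits = set()
    for r in records:
        try:
            addr = ipaddress.ip_address(r.answer)
        except ValueError:
            continue
        if any(addr in net for net in nets):
            hits.add(r.client)
    return hits


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for (client, name), gap in find_beacons(recs).items():
        print(f"beacon: {client} -> {name} every {gap:.0f}s")
    for client in sorted(sinkholed_clients(recs)):
        print(f"sinkholed: {client}")
```

The beacon check is deliberately per (client, name) pair rather than per client, so a laptop that visits the same site three times in an hour is not confused with a device that polls one host on a timer; raise min_hits or lower max_jitter to trade false positives for misses on your own logs. A device that trips either check is the one to take offline, as the advisory recommends, rather than trust to a factory reset, since the malware lives in firmware the reset does not touch.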

Sources: BSI | I-HLS | The Record | Bleeping Computer | Security Week | BitDefender

Image: Ideogram
