Recherche : [BADBOX] - Cyberveille

FBI Warning on IoT Devices: How to Tell If You Are Impacted https://www.eff.org/deeplinks/2025/06/fbi-warning-iot-devices-how-tell-if-you-are-impacted

02/07/2025 11:13:39

On June 5th, the FBI released a PSA titled “Home Internet Connected Devices Facilitate Criminal Activity.” This PSA largely references devices impacted by the latest generation of BADBOX malware (as named by HUMAN’s Satori Threat Intelligence and Research team) that EFF researchers also encountered primarily on Android TV set-top boxes. However, the malware has impacted tablets, digital projectors, aftermarket vehicle infotainment units, picture frames, and other types of IoT devices.

One goal of this malware is to create a network proxy on the devices of unsuspecting buyers, potentially making them hubs for various potential criminal activities, putting the owners of these devices at risk from authorities. This malware is particularly insidious, coming pre-installed out of the box from major online retailers such as Amazon and AliExpress. If you search “Android TV Box” on Amazon right now, many of the same models that have been impacted are still up being sold by sellers of opaque origins. Facilitating the sale of these devices even led us to write an open letter to the FTC, urging them to take action on resellers.

The FBI listed some indicators of compromise (IoCs) in the PSA for consumers to tell if they were impacted. But the average person isn’t running network detection infrastructure in their homes, and cannot hope to understand what IoCs can be used to determine if their devices generate “unexplained or suspicious Internet traffic.” Here, we will attempt to help give more comprehensive background information about these IoCs. If you find any of these on devices you own, then we encourage you to follow through by contacting the FBI's Internet Crime Complaint Center (IC3) at www.ic3.gov.

The FBI lists these IoC:

The presence of suspicious marketplaces where apps are downloaded.
Requiring Google Play Protect settings to be disabled.
Generic TV streaming devices advertised as unlocked or capable of accessing free content.
IoT devices advertised from unrecognizable brands.
Android devices that are not Play Protect certified.
Unexplained or suspicious Internet traffic.
The following adds context to above, as well as some added IoCs we have seen from our research.

Unpacking the BADBOX Botnet with Censys https://censys.com/unpacking-the-badbox-botnet/

05/02/2025 15:17:01

Discover BADBOX, a new botnet pre-infecting Android devices—including TVs—via factory malware. Explore supply chain threats from one SSL certificate.

Android TV Boxes Infected with Backdoors, Compromising Home Networks https://www.hackread.com/android-tv-boxes-backdoors-home-networks/

08/10/2023 15:51:31

Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps.
A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks.
Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well.
Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date.
Human Security has already shared details of its findings with concerned law enforcement agencies.

Liens par page

Filtres