Michał Stekla
It seems that the fight against Badbox is not over yet. The malware, which previously mainly targeted cheap Android TV Boxes, is now spreading to Smart TVs with the Android system. Experts from Bitsight are alerting – the botnet has not only survived attempts at neutralization but has become even more dangerous.
The new version of Badbox infects not only lesser-known devices but also televisions of popular brands. Researchers indicate models marked YNDX-00091 to YNDX-000102, which communicate with servers controlled by cybercriminals. If we have a Smart TV with an open Android system, it's better to be on guard. The problem is that the user often does not even know that their television is part of a cybercriminal network.
What does Badbox do?
It quietly takes control of the device, turning it into a part of a botnet. Infected devices can be used for:
DDoS attacks,
Spreading spam,
Data theft.
The problem is that the user often doesn't even realize that their television is part of a cybercrime network.
The most vulnerable are cheap devices lacking Play Protect certification. Such devices often do not pass the required security and compliance tests. Reports of infections mainly come from the following countries: Russia, China, India, Belarus, Brazil, and Ukraine.
Google's Position
“These uncertified brand devices that were identified as infected were not certified Android Play Protect devices. If a device lacks Play Protect certification, Google does not have the security and compliance test results. Certified Android Play Protect devices undergo rigorous testing to ensure user quality and safety. To ensure a device is built on the Android TV OS and has Play Protect certification, you can visit our Android TV page for a current list of partners. You can also take steps to manually check Play Protect certification in the device settings” – said a Google spokesperson in an interview with Android Headlines.
How to protect yourself?
Do not install apps from unknown sources. Google Play is the only safe place.
Update your software. Manufacturers often release security patches.
Be cautious of strange device behavior. If your TV is running slower or apps are launching by themselves – it’s better to reset it to factory settings.
A new wave of attacks shows one thing – malware is becoming increasingly clever, and users must be more cautious than ever.
Source: https://www.bitsight.com/blog/badbox-botnet-back
