Cybersecurity firm Bitsight uncovered a massive BadBox botnet infrastructure affecting nearly 200,000 unique Android devices across multiple countries.
Device Infection Scope
The BadBox malware, first identified in October 2023, has been discovered infiltrating an unprecedented range of Android-powered devices, including:
- Yandex 4K QLED smart TVs
- Hisense T963 smartphones
- Various low-cost Android-based devices
Geographic Spread
The infection has primarily impacted six countries:
- Russia
- China
- India
- Belarus
- Brazil
- Ukraine
Malware Capabilities and Risks
Bitsight researchers revealed that BadBox exploits infected devices for multiple malicious purposes, including:
- Residential proxy manipulation
- Remote code installation
- Account abuse
- Ad fraud
The most concerning aspect is the malware’s ability to install additional code modules without user consent, giving threat actors unprecedented access and control.
Potential Infection Origins
Cybersecurity experts suggest the infections could originate from:
- Manufacturer involvement
- Compromise during development stages
- Potential supply chain vulnerabilities
- Malicious interventions during manufacturing or shipping processes
Detection and Scale
Previous investigations by Human Security identified over 70,000 infected devices, while Germany’s cybersecurity agency recently discovered 30,000 BadBox bots. Bitsight’s latest findings indicate more than 160,000 unique IPs communicating daily with the command-and-control server.
Remarkably, 98% of the observed traffic originated from:
- Yandex smart TVs
- Hisense T963 smartphones
Bitsight strongly advises consumers and enterprises to:
- Choose trusted device brands
- Carefully evaluate technology partners





