IoT Devices Infected With Pre-Installed Malware

The German Federal Office for Information Security (BSI) has recently taken action against a significant malware threat, blocking around 30,000 digital picture frames, media players, and other Android-based devices infected with the BadBox malware. BadBox is thought to originate from Chinese hackers, who have been using it to target hardware supply chains.

BadBox is a form of Android malware embedded in the device's firmware. It allows cyber criminals to intercept private credentials, install additional malicious software, and exploit the device for illegal activities, including launching distributed denial-of-service (DDoS) attacks.

The devices, which came pre-loaded with the malicious software, pose substantial risks to users, as they connect automatically to a command-and-control server, giving attackers unauthorised access to sensitive information and control over the devices. According to reports, the malware has also been used to disseminate fake news via email and messaging accounts created on infected devices, as well as for advertising fraud, by accessing websites and generating traffic in the background. In some cases, the malware enables third parties to conduct cyber attacks, distribute illegal content, and engage in other forms of criminal behaviour, all while using the device owner’s Internet connection.

To mitigate the damage, the BSI has implemented a "sinkhole" measure, redirecting the infected devices' communication away from the malicious control servers.

While this prevents further harm, the devices remain vulnerable, as the malware is housed in an immutable firmware partition that cannot be easily removed. "There is no immediate danger for these devices as long as the BSI maintains the sinkholing measure," the agency advisory says.
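The sinkhole described above works at the name-resolution layer: the resolver answers queries for the malicious control domains with an address the defender controls, so the firmware's beaconing never reaches the real servers. The following Python script is an added example, not code from the BSI or from the article's sources. It applies that policy to a constructed resolver log and reports which clients would have been sinkholed, together with their beacon interval, which is how a network operator could spot a pre-infected device on their own network. The zone name "badbox-c2.example", the client addresses, the timestamps and the sinkhole address 127.0.0.2 are all constructed placeholders; the article publishes no indicators.

```python
"""Sinkhole policy plus detection of beaconing clients, run over constructed DNS query logs."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample log in a simple "timestamp client qname" format.
# "badbox-c2.example" is a placeholder zone; the article names no real indicator.
SAMPLE_LOG = """\
2024-12-13T08:00:00 192.168.1.23 time.android.com
2024-12-13T08:00:05 192.168.1.23 badbox-c2.example
2024-12-13T08:05:05 192.168.1.23 badbox-c2.example
2024-12-13T08:10:05 192.168.1.23 badbox-c2.example
2024-12-13T08:02:00 192.168.1.40 www.wikipedia.org
2024-12-13T08:03:00 192.168.1.40 cdn.badbox-c2.example
"""

# Placeholder zone list; a real deployment would load the indicators the BSI or a vendor distributes.
SINKHOLE_ZONES = {"badbox-c2.example"}
# Placeholder sinkhole address: where blocked names are answered instead of the real control server.
SINKHOLE_IP = "127.0.0.2"

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+)$")


def is_sinkholed(qname: str) -> bool:
    """True if qname equals a sinkholed zone or is a subdomain of one (case-insensitive, trailing dot ignored)."""
    name = qname.lower().rstrip(".")
    return any(name == zone or name.endswith("." + zone) for zone in SINKHOLE_ZONES)


def resolve(qname: str, upstream_answer: str) -> str:
    """RPZ-style policy: hand back the sinkhole address for blocked names, the upstream answer otherwise."""
    return SINKHOLE_IP if is_sinkholed(qname) else upstream_answer


def parse_line(line: str):
    """Parse one log line into (timestamp, client, qname); return None for malformed lines."""
    match = LINE_RE.match(line.strip())
    if not match:
        return None
    ts, client, qname = match.groups()
    return datetime.fromisoformat(ts), client, qname


def find_infected_clients(log_text: str) -> dict:
    """Return {client: {"hits", "names", "beacon_interval_s"}} for clients that queried sinkholed names.

    beacon_interval_s is the median gap in seconds between consecutive sinkholed queries,
    or None when the client made only one such query. A stable interval is the
    firmware's periodic check-in, which is the signal worth alerting on.
    """
    hits = defaultdict(list)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, client, qname = parsed
        if is_sinkholed(qname):
            hits[client].append((ts, qname))

    report = {}
    for client, events in hits.items():
        events.sort()
        gaps = [(later[0] - earlier[0]).total_seconds() for earlier, later in zip(events, events[1:])]
        interval = sorted(gaps)[len(gaps) // 2] if gaps else None
        report[client] = {
            "hits": len(events),
            "names": sorted({q for _, q in events}),
            "beacon_interval_s": interval,
        }
    return report


if __name__ == "__main__":
    for client, info in sorted(find_infected_clients(SAMPLE_LOG).items()):
        print(client, info)
```

In the constructed log, 192.168.1.23 checks in every five minutes, which is the pattern a sinkholed device produces; 192.168.1.40 has a single hit against a subdomain of the blocked zone, which the suffix match still catches. Note that sinkholing only stops the beacon reaching its destination, which is exactly why the advisory above says the devices remain vulnerable: the firmware keeps trying, and the policy has to stay in place.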

BSI’s president, Claudia Plattner, emphasised the risks posed by outdated firmware, which is often the underlying cause of such infections. "Malware on internet-enabled products is unfortunately not a rare phenomenon. Outdated firmware versions, in particular, pose a huge risk... We all have a duty here: manufacturers and retailers have a responsibility to ensure that such devices do not come onto the market."

While the BSI has not specified which products were affected, the issue is thought to apply to many different types of device, including smartphones and tablets.

As BadBox malware may go undetected without intervention, users are advised to disconnect any infected devices from the Internet immediately and to check their Internet-capable products for possible vulnerabilities.

Sources: BSI | I-HLS | The Record | Bleeping Computer | Security Week | BitDefender
