Germany's Federal Office for Information Security (BSI) has confirmed that it dismantled the suspected China-based malware operation BADBOX by sinkholing the domains the operation used to relay communications between at least 30,000 outdated, internet-exposed Android devices and its command-and-control servers, The Hacker News reports.
Android devices compromised by BADBOX, which include phones, tablets, media players, and digital picture frames, could be used not only as residential proxies that route internet traffic stealthily but also to create Gmail and WhatsApp accounts, according to BSI, which urged major internet providers across the country to redirect traffic for those domains to the sinkhole and ordered the immediate takedown of the affected devices.

The development follows the discovery by HUMAN's Satori Threat Intelligence and Research team that BADBOX leveraged both the Triada malware and the PEACHPIT ad fraud botnet in its attacks. "Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware," said researchers.
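A sinkhole of the kind BSI describes does not stop infected devices from trying to reach their C2 domains; it only redirects the traffic. That makes resolver logs the most direct place for a home or enterprise network operator to spot a device that is still calling home. The script below is an added example, not code from the article, BSI, or HUMAN: it scans constructed dnsmasq-style query log lines against a list of placeholder domains standing in for sinkholed C2 names (the article does not list BADBOX's actual domains) and reports which client addresses queried them. Matching is by exact name or proper subdomain, so a look-alike name that merely ends with the same characters is not flagged.

```python
"""Added example (not from the article): flag devices on a local network whose
DNS queries hit domains that a sinkhole operator has taken over.

Domain names below are PLACEHOLDERS; the article does not list BADBOX's C2 domains.
"""
import re
from collections import defaultdict

# Placeholder sinkholed C2 domains (constructed; not real BADBOX infrastructure).
SINKHOLED_DOMAINS = {
    "c2-placeholder-1.example",
    "c2-placeholder-2.example",
}

# Constructed resolver log lines in a dnsmasq-like format: "query[A] <name> from <ip>".
SAMPLE_LOG = """\
Dec 13 10:01:02 dnsmasq[1234]: query[A] update.c2-placeholder-1.example from 192.168.1.23
Dec 13 10:01:05 dnsmasq[1234]: query[A] www.example.org from 192.168.1.40
Dec 13 10:02:10 dnsmasq[1234]: query[A] c2-placeholder-2.example from 192.168.1.23
Dec 13 10:03:00 dnsmasq[1234]: query[AAAA] cdn.example.net from 192.168.1.55
Dec 13 10:04:11 dnsmasq[1234]: query[A] api.c2-placeholder-1.example from 192.168.1.77
"""

# Captures the query type, the queried name and the client that asked.
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\]\s+(?P<name>\S+)\s+from\s+(?P<client>\S+)")


def matches_sinkholed(name, sinkholed=SINKHOLED_DOMAINS):
    """True if name equals a sinkholed domain or is a subdomain of one.

    The dot is required before the suffix so that 'evil-c2-placeholder-1.example'
    does not match 'c2-placeholder-1.example'.
    """
    name = name.rstrip(".").lower()
    for domain in sinkholed:
        if name == domain or name.endswith("." + domain):
            return True
    return False


def find_infected_clients(log_text, sinkholed=SINKHOLED_DOMAINS):
    """Return {client_ip: sorted list of sinkholed names it queried}."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        match = QUERY_RE.search(line)
        if not match:
            continue  # not a query line (e.g. a reply or a startup message)
        name = match.group("name").rstrip(".").lower()
        if matches_sinkholed(name, sinkholed):
            hits[match.group("client")].add(name)
    return {client: sorted(names) for client, names in hits.items()}


if __name__ == "__main__":
    for client, names in sorted(find_infected_clients(SAMPLE_LOG).items()):
        print(f"{client}: {', '.join(names)}")
```

Running it on the constructed log reports two clients, 192.168.1.23 and 192.168.1.77, as still beaconing. In practice the list of names comes from the sinkhole operator's or a threat-intelligence feed's published indicators, and a client that keeps appearing after the sinkhole is in place is a device to take off the network, which is exactly the step BSI asked for.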