Numerous researchers have found a large number of Android TV Boxes, already accessible to the public, backdoored to conduct adware fraud. Researchers warn the users to get rid of those specific models and buy reputed brands instead to avoid the ongoing threat.
Researchers Discovered Numerous Backdoored Android TV Box
According to a recent post from the Human Security threat labs, there exists hundreds of backdoored Android TV Boxes unknown to the users. These infected devices facilitate the threat actors behind them in running the covert ad fraud campaign.
As explained, the researchers suspect at least 200 different TV box models infected with the malware upon analyzing seven TV Boxes and one tablet.
Specifically, they noticed the Triada malware pre-installed and actively running on Android TV boxes shipped to retailers. That means the malware came pre-installed from factory setups without the retailers or the users knowing. It executes its activities once a user turns on the newly bought device, installing several malicious modules. One such module is the “PEACHPIT,” which served as an ad fraud botnet for the larger BADBOX operation.
Besides, the malware also performs various other activities on the victim devices, including data stealing, creating fake Gmail and WhatsApp accounts, selling home networks’ accesses as residential proxies, and installing malicious codes.
Most of the devices analyzed in this campaign come from China, which are then distributed globally. The researchers estimated about 74,000 different Android devices suffer BADBOX infections, as their detailed technical report mentioned.
This campaign isn’t the only incident involving the Triada malware. In the past, the same malware targeted Android phones and other devices for data-stealing purposes. Human Security researchers have also cited numerous past reports from other researchers regarding Triada attacks. It shows the malware as a potent threat to Android devices, including Android TV boxes, emphasizing the need for users to remain careful when purchasing IoT devices from unpopular, low-cost providers.
Let us know your thoughts in the comments.