Germany’s Federal Office for Information Security (BSI) sinkholed internet traffic originating from Germany and going to the command and control servers of the BADBOX malware group, BSI writes on its website.
The malware was first detected in October 2023 by Human Security, a company specialized in detecting advertising fraud. The BADBOX group, which originates from China, assembled a botnet of over 280,000 systems by hiding its malware in malicious Android and iOS apps and inside the firmware of Android TV streaming boxes.
Human Security said the BADBOX group operated out of China and most likely had access to hardware supply chains where its members could deploy the malicious firmware on streaming boxes. BADBOX affects consumers from both the public and private sector.
The BSI says all German internet service providers with over 100,000 clients are now mandated by law to redirect BADBOX traffic to its sinkhole. A sinkhole is a server designed to capture malicious traffic and prevent control of infected devices by the criminals who infected them.
It is reportedly the first time the German BSI has sinkholed a malware operation on its own. Prior to that, the BSI did this as part of international efforts targeting cybercrime operations.
Hirom@beehaw.org 6 days ago
They should force a recall.
B0rax@feddit.org 6 days ago
A recall in cheap Android streaming boxes dropshipped from China? Ha!
Hirom@beehaw.org 5 days ago
If not the chineese manufacturer, then whoever is importing them .