A team of researchers has uncovered a cybercriminal campaign that spread across virtually the entire American continent. BadBox, one of the most dangerous Trojans, has been in the crosshairs of authorities throughout its history, and now it is back, infecting 500,000 Android devices. Fortunately, the operation successfully blocked access to these devices, but it could have ended worse.
The technology world has once again suffered an overwhelming upheaval, setting off alarm bells around the world. Cybercrime has struck again with fraudulent tactics that are virtually unpredictable and extremely difficult to identify, potentially ruining the reputations of thousands of users.
A botnet of more than 1 million interconnected devices has come close to infiltrating 222 countries, most of them in Central and South America. The most affected are Brazil (37.6%), the United States (18.2%), Mexico (6.3%) and Argentina (5.3%). This marks a new era of malware led by BadBox 2.0, the dangerous virus that the German authorities thought they had dismantled in December of last year.
Half a million devices locked
HUMAN's Satori intelligence group has become the protagonist of this alarming, but ultimately successful, story. Its members launched a global operation, in collaboration with Google, to disrupt half a million devices armed with highly potent malware. Dubbed BadBox 2.0 because of the expansion of its computing network, this Trojan came pre-installed on a large number of mobile phones, tablets, set-top boxes and Smart TVs from little-known brands that run the Android operating system and were manufactured in China for shipment to markets worldwide.
In total, up to 24 suspicious applications were found on the Google Play Store that served as intermediaries to download the virus and begin its spread. In this way, the criminals managed to take control of the device with the primary objective of extracting passwords and personal data. HUMAN analysts note that multiple hacker groups with different roles and benefits were involved. Among them are SalesTracker, dedicated to infrastructure management; MoYu, experts in the development of backdoors and botnets; Lemon, focused on ad fraud campaigns; and LongTV, creators of illegitimate applications.
Uncertified Google products are the most vulnerable
It has also been noted that Android devices not certified by Play Protect are usually the ones that suffer the most, since they are completely unprotected, especially when downloading applications. This can be a big problem in the long run. Therefore, such devices should not be used at all or, if they are, should not be connected to the Internet, to prevent any external actor from gaining access without consent.
In light of all this, the Mountain View company has expressed its appreciation for HUMAN's participation in dismantling the offenders and thereby protecting consumers. The multinational also urges users to stay away from any device that does not carry official Google Play Protect certification, as they could be exposed to risky situations and potential fraud.
Link: https://www.adslzone.net/noticias/seguridad/malware-android-medio-millon-dispositivos-infectados/