{"id":12425,"date":"2023-10-09T12:03:08","date_gmt":"2023-10-09T12:03:08","guid":{"rendered":"https:\/\/news.pakistaninewspaperlist.com\/many-android-devices-come-with-unkillable-backdoor-the-express-tribune\/"},"modified":"2023-10-09T12:03:08","modified_gmt":"2023-10-09T12:03:08","slug":"many-android-devices-come-with-unkillable-backdoor-the-express-tribune","status":"publish","type":"post","link":"https:\/\/pakistaninewspaperlist.com\/news\/many-android-devices-come-with-unkillable-backdoor-the-express-tribune\/","title":{"rendered":"Many Android devices come with unkillable backdoor | The Express Tribune"},"content":{"rendered":"<div id=\"\">\n<p>Security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box. His findings were backed by other researchers as well. This week, Human Security unveiled new details of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.<\/p>\n<p>The researchers found seven Android TV boxes and one tablet with the backdoors installed, along with 200 other Android devices, according to an exclusive report shared with The Wire. While Human Security has taken down advertising fraud linked to the scheme, these devices are still present in homes, businesses, and schools.<\/p>\n<p>\u201cThey\u2019re like a Swiss Army knife of doing bad things on the Internet,\u201d says Gavin Reid, the CISO at Human Security who leads the company\u2019s Satori Threat Intelligence and Research team. 
\u201cThis is a truly distributed way of doing fraud.\u201d<\/p>\n<p>Reid added that the company has also shared with law enforcement agencies details of facilities where the devices may have been manufactured.<\/p>\n<p>The research is divided into two areas: Badbox, which covers the compromised Android devices and the ways they are involved in fraud and cybercrime, and Peachpit, which relates to an ad fraud operation involving at least 39 Android and iOS apps. Google says it has removed apps following Human Security\u2019s research, while Apple says it has found issues in several of the apps reported to it.<\/p>\n<p>The cheap Android streaming boxes, usually costing less than $50 and carrying no known brand, were sold online and in brick-and-mortar shops. Human Security says in its report that its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com. The researchers confirmed eight devices with backdoors installed: seven TV boxes (the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G) and one tablet, the J5-W.<\/p>\n<p>Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world\u2014including some in schools across the US.<\/p>\n<p>The devices are built in China, though it is not known where the firmware backdoor is added. 
\u201cUnbeknownst to the user, when you plug this thing in, it goes to a <a rel=\"nofollow\" href=\"https:\/\/www.feroot.com\/education-center\/what-is-a-command-and-control-c2-server\/#:~:text=A%20command%2Dand%2Dcontrol%20(C2)%20server%20is%20a,%2C%20malicious%20scripts%2C%20and%20more.\">command and control<\/a> (C2) in China and downloads an instruction set and starts doing a bunch of bad stuff,\u201d Reid says.<\/p>\n<p>Multiple types of fraud were linked to the compromised devices, including advertising fraud, residential proxy services, fake Gmail and WhatsApp accounts, and remote code installation.<\/p>\n<p>Trend Micro found a \u201cfront end company\u201d for the group it investigated in China, Yarochkin says.<\/p>\n<p>\u201cThey were claiming that they have over 20 million devices infected worldwide, with up to 2 million devices being online at any point of time,\u201d he says. \u201cThere was a tablet in one of the museums somewhere in Europe,\u201d Yarochkin says, adding he believes it is possible that swaths of Android systems may have been impacted, including in cars. \u201cIt\u2019s easy for them to infiltrate the supply chain,\u201d he says. \u201cAnd for manufacturers, it&#8217;s really difficult to detect.\u201d<\/p>\n<p>Human Security identified 39 Android, iOS, and TV box apps that were involved in an app-based fraud element called Peachpit. \u201cThese are template-based applications\u2014not very high quality,\u201d says Joao Santos, a security researcher at the company. They included apps about developing six-pack abs and logging the amount of water a person drinks.<\/p>\n<p>The apps not only carried hidden advertisements but were also involved in spoofed web traffic and malvertising. Human Security\u2019s research says the ads involved were making 4 billion ad requests per day, with 121,000 Android devices and 159,000 iOS devices impacted. 
The researchers calculated that the Android apps had been downloaded 15 million times in total.<\/p>\n<p>Google spokesperson Ed Fernandez confirms the 20 Android apps reported by Human Security have been removed from the Play Store. Apple spokesperson Archelle Thelemaque says the company found that five of the apps Human Security reported breached its guidelines, and the developers were given 14 days to make them follow the rules.<\/p>\n<p>Although the attacks have slowed considerably, the devices are still in people&#8217;s homes, carrying dangerous malware that is very hard to remove. \u201cYou can think of these Badboxes as kind of like sleeper cells. They&#8217;re just sitting there waiting for instruction sets,\u201d Reid says.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box. His findings were backed by other researchers as well. 
This week, Human Security unveiled new details of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":12426,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center 
center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"fifu_image_url":"https:\/\/i.tribune.com.pk\/media\/images\/939984-androidstoryreuterscopy-1439848342\/939984-androidstoryreuterscopy-1439848342.jpg","fifu_image_alt":"","footnotes":""},"categories":[8],"tags":[],"class_list":["post-12425","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/posts\/12425","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/comments?post=12425"}],"version-history":[{"count":0,"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/posts\/12425\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/media\/12426"}],"wp:attachment":[{"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/media?parent=12425"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/categories?post=12425"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/pakistaninewspaperlist.com\/news\/wp-json\/wp\/v2\/tags?post=12425"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}