The German Federal Office for Information Security (BSI) has taken control of the traffic that infected devices in Germany send to the command-and-control (C2) servers of the Badbox botnet, redirecting it to servers under its own control (a sinkhole). Cutting the C2 channel this way stops the operators from issuing commands to the malware; it does not remove the malware from the devices themselves.
According to the BSI, roughly 30,000 devices in Germany are infected with Badbox. The affected devices run outdated Android versions and were shipped with the malicious applications already pre-installed. All Internet service providers in Germany with more than 100,000 subscribers are now required to redirect traffic associated with Badbox to the BSI.
Badbox was first documented in October 2023 and has since grown into a botnet of more than 280,000 devices. The malware spreads through infected Android and iOS applications and is also embedded directly in device firmware.
Analysts believe Badbox originates in China and that its operators have access to the hardware supply chain, which lets them place malicious firmware on devices before they are sold. The botnet's primary purpose has been to silently install applications that then flood users with intrusive advertising.
Badbox has further capabilities: creating fake accounts for spreading disinformation through instant messengers and email, redirecting traffic to fraudulent websites, and using the victim's Internet connection as a proxy for illicit traffic. The last of these lets criminals launch attacks and distribute illegal content from the device's IP address, so the owner's connection, not the attacker's, appears in the logs. The malware can also download and run additional malicious programs.
Internet providers whose customers use infected devices have been notified. Because the same hardware is produced in volume and sold under many brand names, there is no exhaustive list of affected models. The BSI advises owners to inspect their network-connected devices and, where necessary, disconnect them from the Internet.
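One practical way to follow that advice on a home or small-office network is to check the local DNS resolver's query log for devices that resolve known C2 domains. The script below is an added example, not part of the BSI announcement or of any Badbox report: the watch-list entries are RFC 2606 placeholder names standing in for real indicators (this article publishes none; substitute indicators from your threat-intelligence feed), and the dnsmasq-style log lines are constructed for the example. Matching is done on exact name or subdomain, so `notc2.example.invalid` does not match a watch-list entry `c2.example.invalid`.

```python
"""Flag LAN clients that query domains on a C2 watch list.

Added example, not code from the BSI or from any Badbox analysis.
Assumptions: a dnsmasq-style query log ("query[A] <name> from <ip>")
and a watch list supplied by the operator. The domains and log lines
below are placeholders/constructed data, not real Badbox indicators.
"""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Set

# Hypothetical watch list (RFC 2606 reserved names, not real indicators).
WATCHLIST: Set[str] = {"c2.example.invalid", "update.example.test"}

# Constructed dnsmasq-style log excerpt for the example.
SAMPLE_LOG = """\
Dec 12 09:14:01 dnsmasq[812]: query[A] www.example.com from 192.168.1.20
Dec 12 09:14:03 dnsmasq[812]: query[A] c2.example.invalid from 192.168.1.42
Dec 12 09:14:05 dnsmasq[812]: query[AAAA] cdn.example.com from 192.168.1.20
Dec 12 09:14:09 dnsmasq[812]: query[A] sub.c2.example.invalid from 192.168.1.42
Dec 12 09:14:12 dnsmasq[812]: query[A] update.example.test from 192.168.1.77
Dec 12 09:14:15 dnsmasq[812]: query[A] notc2.example.invalid from 192.168.1.20
"""

# Extract record type, queried name and source IP from one log line.
QUERY_RE = re.compile(r"query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<src>[\d.]+)")


def matches_watchlist(name: str, watchlist: Iterable[str]) -> bool:
    """True if name equals a watch-list entry or is a subdomain of one.

    Comparison is case-insensitive and ignores a trailing dot. A name that
    merely ends with the same characters (e.g. 'notc2.example.invalid'
    versus 'c2.example.invalid') is not a match.
    """
    name = name.rstrip(".").lower()
    for entry in watchlist:
        entry = entry.rstrip(".").lower()
        if name == entry or name.endswith("." + entry):
            return True
    return False


def find_suspect_clients(log_text: str, watchlist: Iterable[str]) -> Dict[str, List[str]]:
    """Map each source IP to the sorted list of watch-listed names it queried."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # not a query line (e.g. reply/cached lines)
        name = m.group("name").rstrip(".").lower()
        if matches_watchlist(name, watchlist):
            hits[m.group("src")].add(name)
    return {ip: sorted(names) for ip, names in hits.items()}


if __name__ == "__main__":
    for ip, names in sorted(find_suspect_clients(SAMPLE_LOG, WATCHLIST).items()):
        print(f"{ip}: {', '.join(names)}")
```

A client that shows up here should be identified on the LAN (DHCP lease table, MAC vendor) and taken offline, in line with the BSI advice above. A clean result is not proof of a clean device: the check only sees traffic that passes through the logging resolver, and a device using its own hard-coded DNS servers or DNS-over-HTTPS will not appear in this log.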
When buying a new device, weigh its security before price: whether the manufacturer provides ongoing support and security updates, whether it ships with a current operating system version, and whether the brand has a track record you can check.