Security News > 2023 > October > Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign

Infosec in brief: Bot defense software vendor Human Security last week detailed an attack that "Sold off-brand mobile and Connected TV devices on popular online retailers and resale sites preloaded with a known malware called Triada."
Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human's researchers found over 200 models with pre-installed malware, and when they went shopping for seven particular devices, they found that 80 percent of units were infected with BADBOX. Analysis of infected devices yielded intel on an ad fraud module Human's researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android.
Those infected devices delivered over four billion ads a day - all invisible to users.
Human Security's technical report [PDF] on BADBOX and PEACHPIT describes the campaign: "A Chinese manufacturer builds a wide variety of Android-based devices, including phones, tablets, and CTV boxes.
"At some point between the manufacturing of these products and their delivery to resellers, physical retail stores and e-commerce warehouses, a firmware backdoor gets installed and the product boxes are sealed in plastic, priming these devices for fraud on arrival at their destination."
The venerable Qakbot malware operation appears to be alive and well despite an international takedown of the botnet and malware loader in late August.
News URL
https://go.theregister.com/feed/www.theregister.com/2023/10/09/in_brief_security/