Security researcher, Daniel Milisic, discovered a cheap Android TV streaming box called the T95 was infected with malware right out of the box. His findings were backed by other researchers as well. This week, Human Security unveiled new details of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
The researchers found seven Android TV boxes and one tablet with the backdoors installed, along with 200 other Android devices, an exclusive report shared with The Wire revealed. While Human Security has taken down advertising fraud linked to the scheme, these devices are still present in homes, businesses, and schools.
“They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team. “This is a truly distributed way of doing fraud.”
Reid added that the company also shared details of facilities where the devices may have been manufactured with law enforcement agencies.
The research has been divided into two areas; Badbox, involving the compromised Android devices and the ways they are involved in fraud and cybercrime, and Peachpit which is related to ad fraud operation involving at least 39 Android and iOS apps. Google says it has removed apps following Human Security’s research, while Apple says it has found issues in several of the apps reported to it.
Cheap Android streaming boxes, usually costing less than $50, were sold online and in brick-and-mortar shops, with no known brand. Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com. The researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W.
Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.
The devices are built in China, though it is not known where a firmware backdoor is added. “Unbeknownst to the user, when you plug this thing in, it goes to a command and control (C2) in China and downloads an instruction set and starts doing a bunch of bad stuff,” Reid says.
Multiple types of fraud were linked to the compromised devices including advertising fraud, residential proxy service, fake Gmail and WhatsApp accounts and remote code installation.
Trend Micro found a “front end company” for the group it investigated in China, Yarochkin says.
“They were claiming that they have over 20 million devices infected worldwide, with up to 2 million devices being online at any point of time,” he says. “There was a tablet in one of the museums somewhere in Europe,” Yarochkin says, adding he believes it is possible that swaths of Android systems may have been impacted, including in cars. “It’s easy for them to infiltrate the supply chain,” he says. “And for manufacturers, it’s really difficult to detect.”
The company identified 39 Android, iOS, and TV box apps that were involved in an app-based fraud element, called Peachpit. “These are template-based applications—not very high quality,” says Joao Santos, a security researcher at the company. Apps about developing six-pack abs and logging the amount of water a person drinks were included.
The apps not only had hidden advertisements but also spoofed web traffic and malvertising. Human Security’s research says the ads involved were making 4 billion ad requests per day, with 121,000 Android devices impacted and 159,000 iOS devices impacted. There had been 15 million downloads in total for the Android apps, the researchers calculated.
Google spokesperson Ed Fernandez confirms the 20 Android apps reported by Human Security have been removed from the Play Store. Apple spokesperson Archelle Thelemaque says that it found five of the apps Human reported breaching its guidelines, and the developers were given 14 days to make them follow the rules.
These attacks, though now much slowed, are still in people’s homes with dangerous malware that is very hard to remove. “You can think of these Badboxes as kind of like sleeper cells. They’re just sitting there waiting for instruction sets,” Reid says.
AI threatens wages, not jobs
The rapid adoption of artificial intelligence could reduce wages, but so far is creating, not destroying jobs, especially for the young and highly-skilled, research published by the European Central Bank showed on Tuesday.
Firms have invested heavily in artificial intelligence, or AI, leaving economists striving to understand the impact on the labour market and driving fears among the wider public for the future of their jobs.
At the same time, employers are struggling to find qualified workers, despite a recession that would normally ease labour market pressures.
In a sample of 16 European countries, the employment share of sectors exposed to AI increased, with low and medium-skill jobs largely unaffected and highly-skilled positions getting the biggest boost, a Research Bulletin published by the ECB said.
But it also cited “neutral to slightly negative impacts” on earnings and said that could increase.
“These results do not amount to an acquittal,” the paper said. “AI-enabled technologies continue to be developed and adopted. Most of their impact on employment and wages – and therefore on growth and equality – has yet to be seen.”
The findings were in contrast to previous “technology waves,” it said, when computerisation decreased “the relative share of employment of medium-skilled workers, resulting in “polarisation”.
Steps to avoid Google account deletion due to inactivity
Previously, Google announced that it would delete accounts that haven’t been signed into for two years, starting from December 1, 2023.
The move to delete these accounts comes from security concerns. An account that has been inactive for a long time is more susceptible to being breached by hackers, according to Google. This could expose personal information, increase the risk of identity theft, and make users vulnerable to being targeted in scams.
If someone has a Google account that they want to keep but it’s at risk of being deleted due to inactivity, they can follow certain steps to safeguard the account and its data.
The simplest way for them to keep their Google account is by logging into it or any associated Google services like YouTube or Gmail immediately.
By signing in at least once every two years, they can ensure that their Google account remains active and is not subject to deletion.
Considering that security is a major concern for these policies, and with Google noting that unused accounts are far less likely to have 2-step verification, it’s advisable for individuals to enable 2-step verification on their Google accounts (and on all other accounts they possess) to significantly reduce the risk of hacking.
AI threat demands new approach to security designs
The potential threat posed by the rapid development of artificial intelligence (AI) means safeguards need to be built in to systems from the start rather than tacked on later, a top US official said on Monday.
“We’ve normalized a world where technology products come off the line full of vulnerabilities and then consumers are expected to patch those vulnerabilities. We can’t live in that world with AI,” said Jen Easterly, director of the U.S. Cybersecurity and Infrastructure Security Agency.
“It is too powerful, it is moving too fast,” she said in a telephone interview after holding talks in Ottawa with Sami Khoury, head of Canada’s Centre for Cyber Security.
Easterly spoke the same day that agencies from 18 countries, including the United States, endorsed new British-developed guidelines on AI cyber security that focus on secure design, development, deployment and maintenance.
“We have to look at security throughout the lifecycle of that AI capability,” Khoury said.
Earlier this month, leading AI developers agreed to work with governments to test new frontier models before they are released to help manage the risks of the rapidly developing technology.
“I think we have done as much as we possibly could do at this point in time, to help come together with nations around the world, with technology companies, to set out from a technical perspective how to build these build these capabilities as securely and safely as possible,” said Easterly.
PM Kakar arrives in Kuwait on two-day official visit
Sabalenka to play in Brisbane
Govt will support ECP in holding ‘fair polls’
Pakistan team finally issued visas for World Cup in India
Regional players to meet in Russia on Afghanistan
Attack plots the norm since Danish cartoon crisis: experts
World4 weeks ago
Lebanon’s Hezbollah works to curb hefty losses in Israel clashes
Business4 weeks ago
With larger fall, rupee near 1-month low
Business4 weeks ago
Potential sectors for revenue
Technology4 weeks ago
Apple revamps Mac lineup and pricing with new family of chips
Pakistan4 weeks ago
Thousands rally in Islamabad for Gaza
Pakistan4 weeks ago
Maulana Tariq Jamil’s son dies of gunshot wound
Technology4 weeks ago
Four ways Google Analytics helps with data-driven decision making
World3 weeks ago
Israel intensifies brutal Gaza strikes despite ceasefire calls