BADBOX Botnet Is Back
Dec. 18, 2024, 12:10 p.m.
Description
The BADBOX botnet, previously thought to be contained, has resurfaced with increased scope and sophistication. Recent findings reveal over 192,000 infected devices, including high-end Yandex 4K QLED Smart TVs and Hisense smartphones, expanding beyond the initially targeted off-brand Android devices. The botnet exploits compromised firmware to install malware and secondary payloads without user consent, enabling activities such as residential proxying, remote code installation, and ad fraud. The operation affects multiple countries, with Russia, China, and India being the most impacted. The malware's ability to adapt and spread through global supply chains poses significant challenges for consumers and enterprises alike, emphasizing the importance of trusted vendors and partners in cybersecurity.
Date
Published: Dec. 17, 2024, 9:59 p.m.
Created: Dec. 17, 2024, 9:59 p.m.
Modified: Dec. 18, 2024, 12:10 p.m.
Indicators
Attack Patterns
BadBox
Triada
BADBOX
T1542.003
T1608.004
T1608.001
T1608.005
T1571
T1059.004
T1071.001
T1573
T1106
T1102
Additional Information
Technology
Telecommunications
British Indian Ocean Territory
India
Czechia
Saudi Arabia
China
Netherlands
Belarus
France
Germany
Kazakhstan
Ukraine
Brazil
United States of America
Russian Federation