IoT, Malware, Threat Intelligence

Global BADBOX 2.0 botnet compromise of Android IoT devices uncovered


Hackread reports that more than a million Android-based Internet of Things devices around the world have been infected with the BADBOX 2.0 botnet through bogus apps, nefarious downloads, or factory installation.

BADBOX 2.0 mostly impacts users of ultra-cheap smart TVs, streaming boxes, tablets, or digital projectors. According to an analysis from Point Wild's Lat61 Threat Intelligence Team, it uses the 'libanl.so' backdoor, which boots malware modules; the 'p.jar' and 'q.jar' Java modules for new payload downloads and persistence; the 'com.hs.app' Android app for backdoor loading; and the 'catmor88[.]com' and 'ipmoyu[.]com' command-and-control domains. With the suspected China-linked botnet deeply integrated within the targeted IoT devices, users have been urged to be wary of unbranded devices that may not have Google Play Protect activated or that have unfamiliar applications. The findings come almost two years after BADBOX was initially discovered in low-cost Android TV boxes.
