Archived (in German)

Germany’s Federal Office for Information Security (BSI) sinkholed internet traffic originating from Germany and going to the command and control servers of the BADBOX malware group, BSI writes on its website.

The malware was first detected in October 2023 by Human Security, a company specialized in detecting advertising fraud. The BADBOX group, which originates from China, assembled a botnet of over 280,000 systems by hiding its malware in malicious Android and iOS apps and inside the firmware of Android TV streaming boxes.

Human Security said the BADBOX group operated out of China and most likely had access to hardware supply chains where its members could deploy the malicious firmware on streaming boxes. BADBOX affects consumers from both the public and private sector.

The BSI says all German internet service providers with over 100,000 clients are now mandated by law to redirect BADBOX traffic to its sinkhole. A sinkhole is a server designed to capture malicious traffic and prevent control of infected devices by the criminals who infected them.

It is reportedly the first time the German BSI has sinkholed a malware operation on its own. Prior to that, the BSI did this as part of international efforts targeting cybercrime operations.

  • sculd@beehaw.org
    link
    fedilink
    arrow-up
    1
    ·
    3 days ago

    Yeah, those streaming boxes were always problematic I used to have one years ago and detected suspicious traffic Pulled it out immediately