About a hundred thousand smart TVs from manufacturer Yandex ship with pre-installed Android malware called BadBox, security company Bitsight claims based on its own research. In total, the company counted 192,000 Android devices infected with BadBox. Once active, the malware can steal two-factor keys, install additional malware and attack other devices on the network, the German government recently announced. The malware is also used for ad fraud and as a ‘residential proxy’ to carry out attacks.
Bitsight researchers managed to obtain a domain that the attackers use to communicate with compromised devices. As a result, the infected devices connected to a server of the security company, which saw connections from one hundred and sixty thousand unique IP addresses in a 24-hour period. Of these, a hundred thousand turned out to be Yandex 4K QLED smart TVs.
According to the researchers, these are not cheap Android TV boxes, and it is the first time that smart TVs from a well-known brand have been seen communicating with a BadBox domain on such a large scale. Most of the infected TVs were spotted in Russia. Bitsight also counted many infections in China, caused by a pre-infected Hisense T963 smartphone.
It is unknown exactly how the malware ended up on the devices. The security company suspects that it happened somewhere in the logistics chain or was done by suppliers who offer the infected devices via, for example, Amazon, eBay or AliExpress. The German government recently managed to ‘sinkhole’ a domain used by BadBox and was thus able to redirect traffic from thirty thousand infected devices.