BadBox Malware Is Picking Up Speed, Targeting Certain Android Devices

There are plenty of things you can do to avoid downloading malware onto your device, but what if your phone comes pre-installed with a virus? It may sound strange, but law enforcement has actually detected an increase in products that come pre-installed with the BadBox malware.

BadBox Malware Is Infiltrating Third-Party Devices

According to a statement from the German Federal Office for Information Security, authorities have discovered that a number of IoT and Android devices have been sold with BadBox pre-installed. These devices often come with outdated versions of Android, allowing attackers to exploit known vulnerabilities in the operating system during the manufacturing process.

Because the bad guys injected the malware during the device manufacturing process, BadBox is deeply embedded in the system files and cannot be removed by normal means. So what does BadBox do? It can do a lot of scary things:

BadBox can create accounts for email and messaging services without being detected, which are then used to spread fake news. BadBox can also commit ad fraud by accessing websites in the background. The malware can also act as a civilian proxy service. It makes the user's Internet connection available to unknown third parties, who can then use it for criminal activities (cyberattacks, distribution of illegal content). This can link the affected person's IP address to criminal activities. BadBox can also download additional malware.

Ideally, ISPs will contact those who purchased infected IoT botnet devices and alert them to their presence, the Federal Information Security Agency says. As a consumer, it's important to pay extra to ensure your products come from reputable, well-known manufacturers. Opting for lesser-known alternatives may be cheaper, but it also opens the door for malware developers to gain a foothold on your device long before you even buy it.

Samuel Daniel

Update 17 December 2024