BADBOX Botnet Infected Over 190,000 Android Devices Including LED TVs


Feb 5, 2025 - 23:13

A newly discovered botnet named BADBOX has been found to have infected over 190,000 Android devices, including high-end models like Yandex 4K QLED TVs.

This botnet is particularly concerning because the malware appears to arrive pre-installed, either at the factory or inserted further down the supply chain, so the device is compromised before it ever reaches the buyer.

The scale and stealth of BADBOX highlight the critical need for enhanced supply chain security and network monitoring.

The BADBOX botnet was identified using the Censys Internet Intelligence Platform, which revealed a common SSL/TLS certificate across its infrastructure.

This certificate, with the issuer DN “C=65, ST=singapore, L=singapore, O=singapre, OU=sall, CN=saee” (the misspellings are in the certificate itself), was used to track down associated IPs and domains.

The certificate query used was:-

cert.parsed.issuer_dn="C=65, ST=singapore, L=singapore, O=singapre, OU=sall, CN=saee"

Experts at Censys noted that this query led to the identification of five IP addresses, all located in Singapore and associated with the Akamai ASN.

All five IPs also had SSH (port 22) open, and their identical configuration points to a templated deployment by a single entity.

Certificate and SSH Details

The certificate in question is self-signed and uses a 1024-bit RSA key, well below the 2048-bit minimum required by current guidance and therefore considered insecure.

Self-signed certificate (Source – Censys)

The certificate’s SHA-256 fingerprint is “61609d67762922a390bf4c5ccc2b5ed43c1980a6777a0152e9a49c5b96d0d623.”

All five identified IPs share the same SSH Host Key, further supporting the notion of a single actor controlling these instances.

Other certificate contents (Source – Censys)

The SSH host key SHA-256 fingerprint is “a885b892e4820b90fd05e45eda6bdd5983170cba6da23fb3610ed1a61726bd14.”
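The pivot Censys describes (one issuer DN leads to a handful of hosts, which are then tied together by a shared certificate fingerprint and a shared SSH host key) is straightforward to reproduce over your own scan data. The script below is an added example, not code from Censys or the article: it clusters host records by certificate SHA-256 and by SSH host key, reports hosts that share both, and flags self-signed certificates and sub-2048-bit RSA keys. The HostRecord entries are constructed to mirror the attributes the article reports and are not live scan results; the two non-BADBOX hosts and their fingerprints are invented for illustration.

```python
"""Pivot on shared TLS certificate and SSH host key fingerprints.

Added example, not code from Censys or the article. The HostRecord entries
are constructed to mirror the attributes the article reports (issuer DN,
certificate SHA-256, 1024-bit RSA key, shared SSH host key); they are not
live scan results.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

# Values quoted in the article. The misspellings in the DN are the
# certificate's own, so they must be matched verbatim.
BADBOX_ISSUER_DN = "C=65, ST=singapore, L=singapore, O=singapre, OU=sall, CN=saee"
BADBOX_CERT_SHA256 = "61609d67762922a390bf4c5ccc2b5ed43c1980a6777a0152e9a49c5b96d0d623"
BADBOX_SSH_HOSTKEY_SHA256 = "a885b892e4820b90fd05e45eda6bdd5983170cba6da23fb3610ed1a61726bd14"
MIN_RSA_BITS = 2048  # 1024-bit RSA is below the current minimum


@dataclass(frozen=True)
class HostRecord:
    ip: str
    issuer_dn: str
    subject_dn: str
    cert_sha256: str
    rsa_bits: int
    ssh_hostkey_sha256: Optional[str]  # None if port 22 was closed


def is_self_signed(rec: HostRecord) -> bool:
    """A self-signed certificate has identical issuer and subject."""
    return rec.issuer_dn == rec.subject_dn


def has_weak_key(rec: HostRecord) -> bool:
    return rec.rsa_bits < MIN_RSA_BITS


def matches_badbox_issuer(rec: HostRecord) -> bool:
    """Offline equivalent of the cert.parsed.issuer_dn query in the article."""
    return rec.issuer_dn == BADBOX_ISSUER_DN


def cluster_by(records: List[HostRecord],
               key: Callable[[HostRecord], Optional[str]]) -> Dict[str, List[str]]:
    """Group IPs by a fingerprint; keep only fingerprints seen on more than one host."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for rec in records:
        k = key(rec)
        if k:
            groups[k].append(rec.ip)
    return {k: sorted(ips) for k, ips in groups.items() if len(ips) > 1}


def pivot_report(records: List[HostRecord]) -> dict:
    by_cert = cluster_by(records, lambda r: r.cert_sha256)
    by_ssh = cluster_by(records, lambda r: r.ssh_hostkey_sha256)
    # Hosts that share BOTH a certificate and an SSH host key are the strongest
    # indication of one operator deploying from a template.
    corroborated = {}
    for cert, cert_ips in by_cert.items():
        for hk, hk_ips in by_ssh.items():
            both = sorted(set(cert_ips) & set(hk_ips))
            if len(both) > 1:
                corroborated[(cert, hk)] = both
    return {"by_cert": by_cert, "by_ssh": by_ssh, "corroborated": corroborated}


def _badbox_host(ip: str) -> HostRecord:
    return HostRecord(ip, BADBOX_ISSUER_DN, BADBOX_ISSUER_DN,
                      BADBOX_CERT_SHA256, 1024, BADBOX_SSH_HOSTKEY_SHA256)


# Constructed records: the five IPs from the article plus two invented hosts,
# one unrelated and one that reuses the certificate but has its own SSH host key.
SAMPLE_RECORDS = [
    _badbox_host("139.162.36.224"),
    _badbox_host("139.162.40.221"),
    _badbox_host("143.42.75.145"),
    _badbox_host("172.104.186.191"),
    _badbox_host("192.46.227.25"),
    HostRecord("198.51.100.10", "CN=Example CA", "CN=www.example.com", "ab" * 32, 2048, "cd" * 32),
    HostRecord("203.0.113.5", BADBOX_ISSUER_DN, BADBOX_ISSUER_DN, BADBOX_CERT_SHA256, 1024, "ef" * 32),
]

if __name__ == "__main__":
    report = pivot_report(SAMPLE_RECORDS)
    for (cert, hk), ips in report["corroborated"].items():
        print(f"cert {cert[:12]}... + hostkey {hk[:12]}... on {len(ips)} hosts: {', '.join(ips)}")
```

The host that shares only the certificate is deliberately left out of the corroborated cluster: a certificate can be copied or reused by an unrelated party, whereas a shared SSH host key means the hosts were cloned from the same image, so the two signals together are what supports the single-operator conclusion.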

The identified IPs include:-

  • 139.162.36[.]224
  • 139.162.40[.]221
  • 143.42.75[.]145
  • 172.104.186[.]191
  • 192.46.227[.]25

Additionally, numerous domains were found to be associated with this botnet, including:-

  • bluefish[.]work
  • cool.hbmc[.]net
  • giddy[.]cc
  • joyfulxx[.]com
  • msohu[.]shop
  • mtcpuouo[.]com
  • pasiont[.]com
  • sg100.idcloudhost[.]com
  • yydsmb[.]com
  • yydsmd[.]com
  • ztword[.]com

The use of a common SSL/TLS certificate and SSH Host Key across its infrastructure suggests a well-coordinated operation by a single entity.

Organizations and individuals should remain vigilant and implement robust security measures to protect against such threats.


The post BADBOX Botnet Infected Over 190,000 Android Devices Including LED TVs appeared first on Cyber Security News.