IoT Devices Infected with Pre-Installed Malware



German cybersecurity authorities have recently taken action against a significant malware threat, blocking around 30,000 digital picture frames, media players, and other Android-based devices infected with the BadBox malware. The devices, which came pre-loaded with the malicious software, pose substantial risks to users, as they connect automatically to a command-and-control server, giving attackers unauthorized access to sensitive information and control over the devices.

BadBox, a form of Android malware embedded in the device’s firmware, allows cybercriminals to intercept private credentials, install additional malicious software, and exploit the device for illegal activities, including launching distributed denial-of-service (DDoS) attacks. According to Cybernews, the malware has also been used for spreading fake news via email and messaging accounts created on infected devices, as well as for advertising fraud, by accessing websites and generating traffic in the background. In some cases, the malware enables third parties to conduct cyberattacks, distribute illegal content, and engage in other forms of criminal behavior, all while using the device owner’s internet connection.

To mitigate the damage, the German Federal Office for Information Security (BSI) has implemented a “sinkholing” measure, redirecting the infected devices’ communication away from the malicious control servers. While this cuts off the attackers’ control channel, the devices remain infected: the malware sits in a non-writable firmware partition that users cannot easily remove.
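The page does not describe how the BSI’s sinkhole is built, so the following is an added, generic illustration (not the BSI’s tooling and not real BadBox indicators) of what sinkholing means at the DNS layer: queries for known command-and-control hostnames are answered with a defender-controlled address instead of the attacker’s server, and each such query identifies an infected client. The hostnames, addresses, and query log below are constructed placeholders.

```python
"""Minimal DNS sinkhole simulation (added illustration, not the BSI's tooling).

A sinkhole intervenes at name resolution: a query for a known C2 hostname is
answered with an address the defender controls, so the infected device never
reaches the attacker's server, and the query itself reveals an infected client.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed placeholder C2 hostnames (not real BadBox indicators).
SINKHOLE_DOMAINS = {
    "c2.badbox-placeholder.invalid",
    "update.badbox-placeholder.invalid",
}
# RFC 5737 documentation address standing in for the defender's sinkhole host.
SINKHOLE_IP = "192.0.2.1"

# Constructed upstream answers for benign names, used in place of a real resolver.
UPSTREAM = {"example.com": "93.184.216.34", "ntp.example.net": "198.51.100.7"}


def normalize(name: str) -> str:
    """Lower-case and strip the trailing dot so 'C2.Example.' matches 'c2.example'."""
    return name.strip().lower().rstrip(".")


def is_sinkholed(name: str, blocklist=SINKHOLE_DOMAINS) -> bool:
    """True if the name or any parent domain is on the blocklist (covers subdomains)."""
    labels = normalize(name).split(".")
    return any(".".join(labels[i:]) in blocklist for i in range(len(labels)))


@dataclass
class Hit:
    client: str   # source address of the querying device
    qname: str    # normalized name it asked for


class Sinkhole:
    def __init__(self, blocklist=SINKHOLE_DOMAINS, sinkhole_ip=SINKHOLE_IP, upstream=UPSTREAM):
        self.blocklist = {normalize(d) for d in blocklist}
        self.sinkhole_ip = sinkhole_ip
        self.upstream = upstream
        self.hits: List[Hit] = []

    def resolve(self, client: str, qname: str) -> Optional[str]:
        """Answer a query: sinkhole address for C2 names, upstream answer otherwise."""
        name = normalize(qname)
        if is_sinkholed(name, self.blocklist):
            self.hits.append(Hit(client, name))   # every hit is a detection event
            return self.sinkhole_ip
        return self.upstream.get(name)

    def infected_clients(self) -> Dict[str, int]:
        """Map of client address -> number of sinkholed queries, for follow-up."""
        return dict(Counter(h.client for h in self.hits))


# Constructed query log: (client IP, queried name), as a resolver would see it.
SAMPLE_QUERIES = [
    ("10.0.0.5", "example.com"),
    ("10.0.0.23", "C2.badbox-placeholder.invalid."),
    ("10.0.0.23", "api.c2.badbox-placeholder.invalid"),
    ("10.0.0.5", "ntp.example.net"),
    ("10.0.0.41", "update.badbox-placeholder.invalid"),
]


def run_sample() -> Dict[str, int]:
    """Replay the constructed log through the sinkhole and report infected clients."""
    sh = Sinkhole()
    for client, qname in SAMPLE_QUERIES:
        sh.resolve(client, qname)
    return sh.infected_clients()


if __name__ == "__main__":
    for client, count in run_sample().items():
        print(f"{client}: {count} sinkholed queries")
```

The hit log is the operationally useful output: it tells the operator which devices on the network are still trying to reach their control servers, which is exactly the situation the article describes, since sinkholing blocks the traffic but leaves the firmware-resident malware in place.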

BSI’s president, Claudia Plattner, emphasized the risks posed by outdated firmware, which is often the underlying cause of such infections. She urged both manufacturers and consumers to prioritize cybersecurity, with manufacturers being responsible for ensuring devices are free of pre-installed malware, and consumers being vigilant when making purchasing decisions. While the BSI did not specify which products were affected, the issue spans multiple categories, and other devices, including smartphones and tablets, could also be at risk.

The BSI advises users to disconnect any infected devices from the internet immediately and to check their internet-capable products for potential vulnerabilities, as the malware may go undetected without intervention.