Thousands of Android Devices Come With Unkillable Backdoor Preinstalled
upstart writes:
Somehow, advanced Triada malware was added to devices before reaching resellers:
When you buy a TV streaming box, there are certain things you wouldn't expect it to do. It shouldn't secretly be laced with malware or start communicating with servers in China when it's powered up. It definitely should not be acting as a node in an organized crime scheme making millions of dollars through fraud. However, that's been the reality for thousands of unknowing people who own cheap Android TV devices.
In January, security researcher Daniel Milisic discovered that a cheap Android TV streaming box called the T95 was infected with malware right out of the box, with multiple other researchers confirming the findings. But it was just the tip of the iceberg. This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.
Human Security researchers found seven Android TV boxes and one tablet with the backdoors installed, and they've seen signs of 200 different models of Android devices that may be impacted, according to a report shared exclusively with WIRED. The devices are in homes, businesses, and schools across the US. Meanwhile, Human Security says it has also taken down advertising fraud linked to the scheme, which likely helped pay for the operation.
[...] Human Security's research is divided into two areas: Badbox, which involves the compromised Android devices and the ways they are involved in fraud and cybercrime. And the second, dubbed Peachpit, is a related ad fraud operation involving at least 39 Android and iOS apps. Google says it has removed the apps following Human Security's research, while Apple says it has found issues in several of the apps reported to it.