BSI of Germany did a really good job.
Germany's Federal Office of Information Security (BSI) has announced that it has disrupted a malware operation called BADBOX that came preloaded on at least 30,000 internet-connected devices sold across the country.
Whether you shop online or in-store, choose your retailer wisely when buying smart TVs, mobile phones, or tablets.
"...Impacted devices include digital picture frames, media players, and streamers, and likely phones and tablets."
"'What all of these devices have in common is that they have outdated Android versions and were delivered with pre-installed malware,' the BSI said in a press release."
"Once connected to the internet, the malware embedded into the devices can collect a wide range of data such as authentication codes, and install additional malware."
"...'Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plugging it in, and unknowingly opening this backdoor malware.'
The BSI said that devices compromised by BADBOX are also capable of acting as a residential proxy service, allowing other threat actors to route their internet traffic through them while simultaneously evading detection. They could also be used to create online accounts on Gmail and WhatsApp."
"These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn't Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety..."
"Cybersecurity Bitsight, in an analysis published December 17, 2024, said it identified 192,000 BADBOX infected devices, citing telemetry data, with most of them traced back to Yandex 4K QLED TV and T963 Hisense smartphone. The top affected countries are Russia, China, India, Belarus, Brazil, and Ukraine."