German Authorities Disrupt Malware Organization

Tyler Cross, Senior Writer
Published on: December 18, 2024

German authorities disrupted BADBOX, a large-scale malware operation built on consumer devices that shipped with malware already installed, continuing Germany's string of successful actions against malware operations and online hacking groups.

Law enforcement redirected the infected devices' connections to the group's command-and-control (C2) servers onto servers under the authorities' own control, a technique called sinkholing. The malware on the devices keeps running, but its check-ins now land on the sinkhole instead of the operators' infrastructure, which cuts the operators off from their bots and, as a side effect, gives investigators a count of infected devices. In the best case this cripples the operation beyond repair; in the worst case its activities are halted at least temporarily, since the operators would need new C2 infrastructure that the already-deployed devices are not pointed at.
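To make the sinkholing step concrete, here is an added example of what the takeover looks like from the authorities' side. It is illustration code written for this edit, not code from the German authorities or from the original article; every domain name and IP address in it is a placeholder (`.invalid` names and RFC 5737 documentation ranges), the "German" prefix list is constructed, and the log lines are constructed too. The resolver policy answers the seized C2 names with the sinkhole address, the `beacon` function shows that the implant's check-in still happens but never reaches the operators, and the log functions show why sinkhole telemetry yields a device count rather than a request count.

```python
"""Added example: how a C2 sinkhole neuters a botnet and counts its victims.

All domains and IP addresses below are placeholders (.invalid names and
RFC 5737 documentation ranges); they are not real BADBOX indicators.
"""
import ipaddress
from collections import defaultdict

# Assumed C2 hostnames taken over by the authorities (placeholders).
SINKHOLED_DOMAINS = {"update.c2-one.invalid", "api.c2-two.invalid"}
# Assumed address of the server the seized names now point at.
SINKHOLE_IP = "192.0.2.10"
# Constructed stand-in for the address space whose clients we count as German.
LOCAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]


def sinkhole_resolve(qname, upstream):
    """DNS-layer policy of a sinkhole.

    A name on the sinkhole list (or a subdomain of one) is answered with the
    sinkhole address; any other name is delegated to ``upstream``.
    Returns (answer_ip, was_sinkholed).
    """
    name = qname.rstrip(".").lower()
    hit = any(name == d or name.endswith("." + d) for d in SINKHOLED_DOMAINS)
    return (SINKHOLE_IP, True) if hit else (upstream(name), False)


def beacon(host, resolver):
    """Simulate an infected device's check-in after the sinkhole is in place.

    The implant still runs and still asks for its C2 name, but the answer now
    points at the authorities' server, so the operators never see the check-in.
    """
    ip, _ = resolver(host)
    return "sinkholed" if ip == SINKHOLE_IP else "reached-c2"


# Constructed sinkhole access log: '<timestamp> <source-ip> <requested-host>'.
SAMPLE_LOG = """
2024-12-12T08:00:01Z 198.51.100.7  update.c2-one.invalid
2024-12-12T08:00:05Z 198.51.100.7  update.c2-one.invalid
2024-12-12T08:01:10Z 198.51.100.23 api.c2-two.invalid
2024-12-12T08:02:00Z 203.0.113.9   update.c2-one.invalid
2024-12-12T08:02:30Z 198.51.100.44 UPDATE.c2-one.invalid
"""


def parse_sinkhole_log(text):
    """Parse the log into (timestamp, source address, host) tuples."""
    records = []
    for line in text.strip().splitlines():
        ts, src, host = line.split()
        records.append((ts, ipaddress.ip_address(src), host.lower()))
    return records


def _in_scope(src, prefixes):
    """True if ``src`` falls in one of ``prefixes`` (or prefixes is None)."""
    return prefixes is None or any(src in p for p in prefixes)


def victim_summary(records, prefixes=LOCAL_PREFIXES):
    """Distinct infected sources per C2 name.

    Repeated check-ins from the same device collapse to one entry, which is
    why sinkhole telemetry yields a device count rather than a request count.
    Pass ``prefixes=None`` to count every source regardless of network.
    """
    per_host = defaultdict(set)
    for _, src, host in records:
        if _in_scope(src, prefixes):
            per_host[host].add(src)
    return {host: len(srcs) for host, srcs in per_host.items()}


def unique_victims(records, prefixes=LOCAL_PREFIXES):
    """Total distinct infected sources across all sinkholed names."""
    return len({src for _, src, _ in records if _in_scope(src, prefixes)})


if __name__ == "__main__":
    def operators_server(name):
        # What the operators' own DNS would have answered before the seizure.
        return "203.0.113.200"

    print(beacon("update.c2-one.invalid",
                 lambda n: sinkhole_resolve(n, operators_server)))
    recs = parse_sinkhole_log(SAMPLE_LOG)
    print(victim_summary(recs))          # per-host counts inside LOCAL_PREFIXES
    print(unique_victims(recs, None))    # all sources, any network
```

The subdomain match in `sinkhole_resolve` matters in practice: implants often rotate hostnames under a seized zone, and a sinkhole that only matched exact names would let those check-ins leak back to the operators.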

BADBOX mostly infected low-end devices, reaching around 30,000 Android devices in Germany, enough for the authorities to treat it as a national cybersecurity risk.

The operators did not break into individual devices or lure owners through phishing. The malware was already present in the firmware, alongside the pre-installed apps, before the devices were sold: devices running out-of-date Android versions shipped with the Triada malware before they ever reached a buyer's pocket.

Triada opens a backdoor on the device, which BADBOX used to exfiltrate the owner's data and to obtain privileged (administrative) access to the device.

However, authorities also learned that BADBOX was only one cog in a larger malware-distribution machine. Beyond installing a backdoor and spying on device owners, BADBOX supplied the infected devices that powered the PEACHPIT botnet.

PEACHPIT is an ad-fraud botnet. The infected devices run spoofed versions of Android and iOS apps, for example an app that presents itself to ad networks as YouTube, which request and render advertisements without any real user asking for them.

It monetized itself through programmatic advertising: advertisers pay for each impression or click the spoofed apps generate, so the operators were paid for ad traffic that no real person ever saw.

Altogether, BADBOX compromised out-of-date Android devices in the supply chain, before distribution, rather than by exploiting them once in use. The operators could later enlist specific devices into PEACHPIT and run large volumes of fraudulent ad traffic through them, and the same backdoor lets them push additional malware to a device, so every infected device both generated profit for the group and remained open to further abuse.

Needless to say, the German authorities' action against BADBOX is a welcome step towards improving Germany's cybersecurity landscape.

About the Author

Tyler Cross, Senior Writer
Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends.