Skip Navigation

Badly [re-]titled ArsTechnica article warns of large multi-vector malware incursions in IoT and personal devices suspected to be Chinese in origin

"In total the researchers confirmed eight devices with backdoors installed—seven TV boxes, the T95, T95Z, T95MAX, X88, Q9, X12PLUS, and MXQ Pro 5G, and a tablet J5-W. (Some of these have also been identified by other security researchers looking into the issue in recent months)."

edit this is the v4 of the title of this post. I'm not accustomed to editorializing or de-editorializing posts. I believe that the brand names involved were fairly trivial to the discussion of escalating malware cyberoperations especially if they are state sponsored. Earlier versions of the title were mischiefously incendiary. I apologize for that.

16 comments
  • This is the best summary I could come up with:


    This week, cybersecurity firm Human Security is revealing new details about the scope of the infected devices and the hidden, interconnected web of fraud schemes linked to the streaming boxes.

    “They’re like a Swiss Army knife of doing bad things on the Internet,” says Gavin Reid, the CISO at Human Security who leads the company’s Satori Threat Intelligence and Research team.

    “This is a truly distributed way of doing fraud.” Reid says the company has shared details of facilities where the devices may have been manufactured with law enforcement agencies.

    In the second half of 2022, Human Security says in its report, its researchers spotted an Android app that appeared to be linked to inauthentic traffic and connected to the domain flyermobi.com.

    When Milisic posted his initial findings about the T95 Android box in January, the research also pointed to the flyermobi domain.

    The company’s report, which has data scientist Marion Habiby as its lead author, says Human Security spotted at least 74,000 Android devices showing signs of a Badbox infection around the world—including some in schools across the US.


    The original article contains 455 words, the summary contains 180 words. Saved 60%. I'm a bot and I'm open source!

  • This article does NOT say Apple is shipping hardware with badbox / peachpit preinstalled.

    It does look like some shady apps got submitted to Apple’s App Store and were committing Ad Fraud. Moreover, it looks like the Android Badbox devices are kind of toast, unless you’re up for totally reinstalling new firmware.

    https://www.humansecurity.com/hubfs/HUMAN_Report_BADBOX-and-PEACHPIT.pdf

    If you bought a name brand streaming device, and only installed popular well known apps from their marketplaces, you’re properly fine.

16 comments