1 million third-party Android devices have hidden backdoors for fraudsters


Researchers at several companies say the campaign appears to come from a loosely connected ecosystem of fraud groups rather than a single actor. Each group has its own versions of the BadBox 2.0 backdoor and malware modules and distributes the software in a variety of ways. In some cases the malicious programs come pre-installed on the devices, but in many of the examples the researchers tracked, attackers trick users into unknowingly installing the risky apps themselves.

Researchers highlight a technique in which fraudsters create a benign app, such as a game, and list it in the Google Play store to show that it has been reviewed, but then trick users into sideloading a nearly identical version of the app that is not hosted in any official app store. Researchers say such "evil twin" apps have appeared at least 24 times, allowing attackers to commit ad fraud in the Google Play versions and distribute malware through the impostor versions. HUMAN also found that fraudsters have compromised and redistributed more than 200 versions of popular, legitimate apps as another way of spreading their backdoor.

"We saw four types of fraud modules – two ad fraud, one click fraud, and then the proxy network – but this is expandable," says Lindsay Kaye, vice president of threat intelligence at HUMAN. "So you can imagine how, if time went on and they were able to develop more modules, maybe create more relationships, there is an opportunity to have more."

Researchers at the security company Trend Micro worked with HUMAN on the BadBox 2.0 research, focusing in particular on the actors behind the activity.

"The scale of this operation is very high," says Fyodor Yarochkin, a senior threat researcher at Trend Micro. While there are "easily a million units online" for each group, "this is just the number of devices that are currently connected to their platform. If you count all the devices that are likely to be carrying the payload, it is probably more than a few million," he says.

"Many of the groups involved in these campaigns appear to have ties to advertising and marketing companies in the Chinese gray market," Yarochkin adds. More than a decade ago, there were several lawsuits in China in which companies installed "silent" plugins on devices and used them for a variety of seemingly fraudulent activities.

"The companies that essentially survived the 2015 era were the companies that adapted," says Yarochkin. He notes that his research has now identified several "business entities" in China that appear to be linked to some of the groups involved in BadBox 2.0. These connections include financial and technical ties. "We have identified their addresses, we've seen some images of their offices, they have some employee accounts on LinkedIn," he says.

HUMAN, Trend Micro, and Google also collaborated with the Shadowserver security group to disrupt as much of the BadBox 2.0 infrastructure as possible, essentially sinkholing its traffic so that the devices' requests go into a void. But the researchers warn that, given how the scammers adapted after the disclosure of the original BadBox scheme, exposing BadBox 2.0 is unlikely to end the activity permanently.

"As a consumer, you have to keep in mind that if a device is too cheap to be true, you should be prepared for additional surprises hidden in the device," says Trend's Yarochkin. "There is no free cheese unless the cheese is in a mousetrap."
