Archived (in German)

Germany’s Federal Office for Information Security (BSI) sinkholed internet traffic originating from Germany and going to the command and control servers of the BADBOX malware group, BSI writes on its website.

The malware was first detected in October 2023 by Human Security, a company specialized in detecting advertising fraud. The BADBOX group, which originates from China, assembled a botnet of over 280,000 systems by hiding its malware in malicious Android and iOS apps and inside the firmware of Android TV streaming boxes.

Human Security said the BADBOX group operated out of China and most likely had access to hardware supply chains where its members could deploy the malicious firmware on streaming boxes. BADBOX affects consumers from both the public and private sector.

The BSI says all German internet service providers with over 100,000 clients are now mandated by law to redirect BADBOX traffic to its sinkhole. A sinkhole is a server designed to capture malicious traffic and prevent control of infected devices by the criminals who infected them.

It is reportedly the first time the German BSI has sinkholed a malware operation on its own. Prior to that, the BSI did this as part of international efforts targeting cybercrime operations.

They should force a recall.

@B0rax@feddit.org

A recall of cheap Android streaming boxes dropshipped from China? Ha!

If not the Chinese manufacturer, then whoever is importing them.

You don’t understand. The end user is the importer. That’s the whole idea behind aliexpress, temu and others. They don’t need to adhere to any local laws because the customer directly shops on the Chinese website.

@Hirom@beehaw.org

Temu sure wishes they didn’t, but they do in fact need to adhere to local laws in jurisdictions where they’re doing business.

There already are complaints against Temu for noncompliance to EU regulation. For instance https://www.beuc.eu/sites/default/files/publications/BEUC-X-2024-046_Temu_Why_the_fast-growing_online_marketplace_fails_to_comply_with_the_DSA.pdf

It may be trickier to enforce law against Temu vs a more classic and direct seller of goods, so it may take more time, and it may become a game of whack a mole, but there will be some enforcement.

Yeah, those streaming boxes were always problematic. I used to have one years ago and detected suspicious traffic. Pulled it out immediately.
