Tag: boxes | Page 2

Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign • The Register

October 8, 2023/in Computer Security

Infosec in brief Bot defense software vendor Human Security last week detailed an attack that “sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites … preloaded with a known malware called Triada.”

Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human’s researchers found over 200 models with pre-installed malware, and when it went shopping for seven particular devices found that 80 percent of units were infected with BADBOX.

Analysis of infected devices yielded intel on an ad fraud module Human’s researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android. The attackers also created malicious iOS apps, which ran on 159,000 Apple devices a day at the peak of the PEACHPIT campaign.

Those infected devices delivered over four billion ads a day – all invisible to users.

Human Security’s technical report [PDF] on BADBOX and PEACHPIT describes the campaign: “A Chinese manufacturer (possibly many manufacturers) builds a wide variety of Android-based devices, including phones, tablets, and CTV boxes.

“At some point between the manufacturing of these products and their delivery to resellers, physical retail stores and e-commerce warehouses, a firmware backdoor … gets installed and the product boxes are sealed in plastic, priming these devices for fraud on arrival at their destination.”

Human Security worked with Apple and Google to disrupt PEACHPIT, but warned BADBOX devices remain plentiful.

“Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plug it in, and unknowingly open this backdoor malware,” wrote Human Security’s Rosemary Cipriano. “This malware can be used to steal PII, run hidden bots, create residential proxy exit peers, steal cookies and one-time passwords, and more unique fraud schemes.”

– Simon Sharwood

It’s been four months since mass exploitation of vulnerabilities in Progress Software’s MOVEit file transfer software was publicly announced, and only a little more recent that the Clop ransomware gang added Sony to its list of victims.

In early…

Source…

Android TV Boxes Sold on Amazon Come Pre-Loaded with Malware

May 10, 2023/in Computer Security

Certain Android TV Box models from manufacturers AllWinner and RockChip, available for purchase on Amazon, come pre-loaded with malware from the BianLian family, a variant of which we investigated last year. The malware, discovered by security researcher Daniel Milisic, adds your smart set-top box to a botnet for initiating coordinated attacks. Affected models include the AllWinner T95, AllWinner T95Max, RockChip X12-Plus, and RockChip X88-Pro-10.

By looking at the traffic being sent by these devices, the researcher was surprised to find a number of DNS requests being sent for domains publically known to be botnet Command and Control (C&C) servers. The researcher also extracted a Stage-1 payload for the malware and contacted Linode, who had been hosting some of the C&C servers, getting them to shut them down. Having reached out to AllWinner, the researcher received a response denying the presence of malware and attributing the malicious traffic observed to the presence of Logcat on the system—a fact which is wholly unrelated. EFF was able to independently confirm the researcher’s findings.

What’s more, the T95 smart set-top box came out-of-the-box with the Android Debugger (adb) wide open and available over WiFi. The Android Debugger gives access to control a device, including issuing commands and installing apps. The device firmware was signed with a testing key, and no clean or production-ready firmware was made available to consumers. Without access to a clean version of the system firmware, consumers are left without a clear way to clean their system of the malware.

The widespread availability of these low-end devices present a danger to consumers, their networks, and the security and stability of the internet at large. Though it would be impractical to conduct a thorough security audit for all merchandise sold on Amazon, a more thorough vetting process could be introduced before selling consumer-grade IoT devices. For instance, a basic network analysis would have found these devices communicating with C&C servers and having wide-open adb ports.

The sale of these devices reveals some glaring holes in public cybersecurity infrastructure. The devices, manufactured by…

Source…

Keeper Password Manager Review: Checks All the Boxes

May 1, 2022/in Mobile Security

With the constant rise of new security threats, password managers have become even more of a necessity. While many people think of LastPass and 1Password as the first names in the space, Keeper is another excellent service with competitive pricing and a plethora of features.

Keeper is worth considering if you’re looking for an alternative to the prominent password managers, even if it doesn’t bring anything too unique to the table.

Keeper: Costs and What’s Covered

Keeper does have a free version, but it’s limited to a single mobile device — there’s no free desktop or web option. The free version does offer unlimited password storage, two-factor authentication (2FA), and access to Keeper’s password generator, but it won’t be very useful to anyone with more than one device.

Luckily, Keeper’s paid plan, Keeper Unlimited is competitively priced at $34.99 per year. This is in line with what competitors charge: LastPass’s premium option costs $36 per year, while 1Password’s costs $35.88 per year. Keeper Unlimited users are free to use Keeper across unlimited devices (phones, laptops, desktops, etc), and can also store up to five files in Keeper’s encrypted storage.

Keeper Password Manager

Keeper’s Paid Plans (Image credit: Tom’s Hardware)

Keeper also has a Family plan, which provides access to the same features as Keeper Unlimited for up to five users for $74.99 per year. This is more expensive than its competitors’ Family plans — LastPass costs $48 per year for up to six people and 1Password costs $59.88 per year for up to five people — but Keeper’s Family plan does offer 10GB of storage space (LastPass and 1Password only offer 1GB).

Keeper also has add-ons that can be purchased in a bundle (the Plus Bundle) or individually. The Plus Bundle includes dark web monitoring and additional storage space, and costs $58.47 per year for individuals and $103.48 per year for families. You can also purchase Keeper’s dark web monitoring (BreachWatch) and additional storage à la carte; BreachWatch costs $19.99 per year for individuals and $39.99 per year for…

Source…