When asked about smart home devices, cybersecurity experts will generally say to be wary of them, or at least make sure they’re segmented from the home’s main network or on a VLAN. And, when asked about which devices gives them most pause, they will largely agree that smart TVs are the most insecure devices that can appear on a home’s network. Now, a Chinese cybersecurity firm is confirming those suspicions and is sounding the alarm on a large botnet campaign called “Bigpanzi” that is targeting Android OS smart TVs and set-top boxes and has been active since 2015.

QiAnXin, a cybersecurity service and anti-virus software firm says the hackers entice users to install free or cheap audiovisual apps for firmware updates and embed backdoor components to transform those devices into part of the Bigpanzi botnet to carry out further malicious activity, such as traffic proxying, DDoS attacks, OTT content provision and pirating traffic.

Unlike a typical botnet, Bigpanzi’s activities extend far beyond DDoS attacks, using Android TVs and set-top boxes to disseminate visual or audio content.

One example was a network attack on set-top boxes in the United Arab Emirates in which attackers substituted regular broadcasts with footage of the Israel-Palestine conflict, according to QiAnXin.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” company researchers write in a blog.

Researchers say the hacking group, which has successfully hidden themselves for eight years, infects user devices via pirated movie and TV apps on Android devices, backdoored generic OTA firmware on Android devices, and backdoored “SmartUpTool” firmware on eCos devices.

Researchers say the peak daily active bots in the campaign were around 170,000, primarily in Brazil. Nodes are primarily distributed across Brazil, amazing over 1.3 million distinct IPs since August, the company says.

While a botnet of that size is alarming enough,…