Vast botnet hijacks smart TVs for prime-time cybercrime • The Register
Updated Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.
At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and other streaming hardware via pirated apps and firmware updates.
A common infection scenario would see a user visit a dodgy streaming site while browsing on their smartphone, only to then be pushed into downloading the associated malicious app to their Android-based smart TV.
A user would then have their device backdoored and its resources made available for use in various cybercrimes, including DDoS attacks and hijacking other streams, replacing other channels’ content with an attacker’s.
Such a case happened in the United Arab Emirates back in December 2023, for example, where regular broadcasts were hijacked with imagery from inside the conflict between Israel and Palestine.
“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” said researchers at Chinese security biz Qianxin.
The researchers didn’t detail the history of the botnet’s DDoS activity or blame it for any high-profile attacks, but to get a feel for what it’s capable of, its DDoS commands are inherited from the infamous Mirai.
Qianxin’s investigation revealed the malware, called pandoraspear, added 11 different Mirai-related DDoS attack vectors to its list of commands after the first few versions had comparably weaker tools in this area.
As we all know, Mirai was responsible for some of the most high-profile DDoS attacks from yesteryear, including those on Dyn, GitHub, Reddit, and Airbnb – all falling on that one October 2016 day that broke the internet (not in the viral sensation kind). It’s also a malware that just keeps cropping up and is under active development to this day.
In trying to trace the identity of those behind pandoraspear, Qianxin’s researchers eventually narrowed their search down to a single company but…
