
Germany Disrupts BADBOX Malware: 30,000 Devices Saved Using Sinkhole Action

By Mark McDonnell


At a time when malware is widespread, Germany has moved to disrupt a malware operation known as BADBOX, protecting around 30,000 devices. BADBOX came preloaded on at least 30,000 internet-connected devices sold in the country, and the operation cuts off the hackers' access to them. This step by Germany is a significant move for the digital world.


Germany blocks BADBOX Malware, saving devices from hackers

Germany took measures to block the BADBOX malware, freeing the affected devices from the hackers' control. The BADBOX operation relied on malware pre-loaded onto over 30,000 Android devices that were sold in the country. BADBOX is Android malware that comes pre-installed on an internet-connected device; blocking it reduces the risk of attackers gaining access to the network where the device is located.

Devices such as media players, streaming boxes, digital picture frames, phones, and tablets are affected by this operation. When an infected device is first connected to the internet, the malware tries to contact a remote command and control server. That server tells the BADBOX malware which malicious services to run on the device and also receives the data stolen from the network.

The German sinkhole operation exposes the hidden threat in low-cost devices that give hackers access to perform malicious activities. Germany's cybersecurity agency used a technique called sinkholing to redirect traffic from infected devices to a server under its own control.

This method protects the devices from hackers; according to the research behind the operation, 80% of the devices acquired from online retailers were infected with BADBOX. The sinkhole action keeps users safe by stopping the malware from reaching its operators. It simply cuts off the hackers' access, but that is a powerful step toward keeping the devices secure.

The malware raises the risk of stolen two-factor authentication codes, of email and messaging accounts being created on various platforms to sow confusion or spread fake news, and of further malware being installed. Germany's cybersecurity agency, however, has blocked communication between the BADBOX-infected devices and their command and control infrastructure, leaving the hackers with little to work with.

Germany's approach sinkholes the DNS queries so that the malware communicates with a police-controlled server rather than the attacker's command and control servers. The sinkhole prevents the malware from sending stolen data to the hackers or receiving any new commands. This leaves the attackers powerless and stops the malware from doing its work on the infected device.
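To make the mechanism concrete, here is a small added illustration (not code from the German operation or from any real sinkhole product) of what a DNS sinkhole does: queries for known command and control domains are answered with the address of a server the defender controls, and the clients that asked are recorded so their internet provider can notify the owners. The domain names, client addresses and the sinkhole address are constructed placeholders; the RFC 5737 and RFC 1918 ranges are used so nothing here points at a real host.

```python
"""Toy DNS sinkhole illustrating the technique described in the article.

Constructed example: the C2 domain names, client addresses and query log
below are placeholders, not real indicators from the BADBOX operation.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

# Address the sinkhole answers with; plays the role of the "police-controlled server".
SINKHOLE_IP = "192.0.2.1"  # RFC 5737 documentation range, assumption

# Placeholder command and control domains (constructed, not real BADBOX domains).
CONSTRUCTED_C2_DOMAINS = {"c2-placeholder.example", "update-placeholder.example"}

# Stand-in for the normal upstream resolver (constructed).
CONSTRUCTED_UPSTREAM = {"www.example.org": "198.51.100.10"}

# Constructed query log: "<client ip> <queried name>" per line.
CONSTRUCTED_QUERY_LOG = [
    "10.0.0.5 dev1.c2-placeholder.example",
    "10.0.0.5 www.example.org",
    "10.0.0.9 update-placeholder.example",
    "10.0.0.12 www.example.org",
]


@dataclass
class Sinkhole:
    c2_domains: Set[str]
    upstream: Dict[str, str]
    # client ip -> set of sinkholed names it asked for (basis for owner notification)
    seen_clients: Dict[str, Set[str]] = field(default_factory=dict)

    def resolve(self, client_ip: str, qname: str) -> str:
        """Answer a query: C2 names get the sinkhole address, everything else
        is passed to the (stand-in) upstream resolver."""
        name = qname.lower().rstrip(".")
        if self._is_sinkholed(name):
            self.seen_clients.setdefault(client_ip, set()).add(name)
            return SINKHOLE_IP
        return self.upstream.get(name, "NXDOMAIN")

    def _is_sinkholed(self, name: str) -> bool:
        # Match the listed domain and any subdomain of it, since malware commonly
        # uses per-device or rotating subdomains under one C2 zone.
        parts = name.split(".")
        return any(".".join(parts[i:]) in self.c2_domains for i in range(len(parts)))

    def notification_list(self) -> List[str]:
        """Clients that tried to reach a C2 domain, to hand to the ISP for notification."""
        return sorted(self.seen_clients)


def replay(log_lines: List[str], sinkhole: Sinkhole) -> List[Tuple[str, str, str]]:
    """Run each logged query through the sinkhole; returns (client, name, answer)."""
    answers = []
    for line in log_lines:
        client, qname = line.split()
        answers.append((client, qname, sinkhole.resolve(client, qname)))
    return answers


def demo() -> Tuple[List[Tuple[str, str, str]], List[str]]:
    sh = Sinkhole(set(CONSTRUCTED_C2_DOMAINS), dict(CONSTRUCTED_UPSTREAM))
    answers = replay(CONSTRUCTED_QUERY_LOG, sh)
    return answers, sh.notification_list()


if __name__ == "__main__":
    answers, clients = demo()
    for client, qname, answer in answers:
        print(f"{client:>10}  {qname:<35} -> {answer}")
    print("clients to notify:", clients)
```

The two infected placeholder clients receive the sinkhole address for their C2 lookups and end up on the notification list, while the client that only resolved a normal site is untouched. A real deployment would answer at the resolver or registry level rather than from an in-memory table, but the two effects shown here are the ones the article describes: the malware's traffic is diverted, and the defender learns which devices to warn.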


The operation ensures that the infected device owner is notified

The main targets of the BADBOX malware are smartphones, tablets, and connected TV streaming boxes. The victims are mostly low-cost devices sold through resale sites or online retailers. The problem is that devices sold through such channels come preloaded with Triada, a type of malware that creates a backdoor, allowing attackers to control the device remotely and exploit it for malicious activities.

Germany's cybersecurity agency worked on the problem and blocked the communication between the infected devices and the criminal control servers, preventing further damage. Devices with outdated software, however, remain at risk from malware. The sinkhole operation also reduces the harm from accidentally buying a BADBOX device online without knowing it is fake.

The owners of the devices covered by this sinkhole operation will be notified by their internet service providers, and the agency advises that anyone who receives such a notification should immediately stop using the device or disconnect it from their network. With pre-installed malware, the device's manufacturer cannot be trusted, and it is best to return or discard the device. Devices running outdated Android versions are at the highest risk: even if they are now shielded from BADBOX, they remain exposed to other malware as long as they are online.

The agency also warns manufacturers and retailers to keep devices with outdated software off the market. Users should watch for signs that a device is infected: overheating while idle, performance problems, suspicious activity, connections to unknown external servers, or unexpected changes to settings. It is best to buy devices from reputable manufacturers and to choose products that offer long-term security support.

Mark McDonnell

Mark McDonnell is a seasoned technology writer with over 10 years of experience covering a wide range of tech topics, including tech trends, network security, cloud computing, CRM systems, and more. With a strong background in IT and a passion for staying ahead of industry developments, Mark delivers in-depth, well-researched articles that provide valuable insights for businesses and tech enthusiasts alike. His work has been featured in leading tech publications, and he continuously works to stay at the forefront of innovation, ensuring readers receive the most accurate and actionable information. Mark holds a degree in Computer Science and multiple certifications in cybersecurity and cloud infrastructure, and he is committed to producing content that reflects the highest standards of expertise and trustworthiness.
