Tag: password

  • BadBox 2.0 more than 1 million Android devices infected – how to stay safe

    Together with Google, Trend Micro, The Shadowserver Foundation, and other partners, researchers from HUMAN’s Satori Threat Intelligence team were able to take down BadBox 2.0, the biggest network of compromised connected TV sets.

    The BadBox malware typically comes pre-installed on TV streaming boxes, smart TVs, tablets, digital projectors, or smartphones, and it enrolls these off-brand Android devices in a botnet. As a backup backdoor distribution method, the threat actors in this instance also ran hundreds of versions of well-known programs. Thankfully, 24 malicious “evil twin” apps that were distributing this malware were found by HUMAN’s researchers and taken down from the Google Play Store.

    They were successful in sink-holing communications to the malicious domains used by the hackers behind this effort, disrupting the botnet on more than 500,000 Android devices in total. In order to stop the compromised devices from contacting the command-and-control (C2) servers that the hackers have set up, the researchers have taken control of thousands of these BadBox 2.0 domains. This allows them to keep an eye on the connections and collect information on the botnet.

    What is BadBox 2.0?

    BadBox 2.0 is a malware-based botnet that commits fraud and other criminal activities using less expensive, off-brand Android handsets. In October 2023, the original BadBox virus was disabled or rendered dormant, having infected 74,000 devices.

    This new version, BadBox 2.0, has infected more than 1 million devices according to HUMAN. The majority of the infections appear to be focused on Brazil (37.6%), followed by the U.S. (18.2%), Mexico (6.3%) and Argentina (5.3%).

    The compromised devices, which include, among other things, video projectors, smartphones, tablets, smart TVs, and Android TV streaming boxes, frequently come with malware pre-installed by the manufacturer. Alternatively, malicious “evil twin” software or firmware downloads infect them and add them to the botnet. “The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices,” HUMAN said in a blog post.

    How to protect yourself from BadBox 2.0

    Google has already established a Play Protect enforcement rule to alert users and prevent the installation of apps linked to BadBox 2.0 on any certified Android devices, and it has removed the dangerous apps found by HUMAN’s researchers from the Play Store.

    BadBox cannot be completely removed, though, because Google is unable to disinfect Android devices that are not Play Protect certified. The very bottom of HUMAN’s report, mentioned above, has a list of devices known to be impacted by the current version of BadBox. If your device is on that list, it is unlikely that you will be able to upgrade it with clean firmware. Disconnecting the device from the internet or, better yet, replacing it with a certified device from a reliable manufacturer is your safest course of action.

    “If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results,” a Google spokesperson explained in a statement to BleepingComputer. “Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. Users should ensure Google Play Protect, Android’s malware protection that is on by default on devices with Google Play Services, is enabled.”

    Avoid purchasing AOSP-based Android devices, such as off-brand TV boxes, that do not officially support Google Play Services if you want to be safe. Additionally, on whatever top streaming device you are using right now, always be sure to keep your firmware updated and apply the most recent security updates as soon as they are released.

    Additionally, you should only install apps from the Google Play Store and other official app stores, and refrain from sideloading them. Similarly, when not in use, Android TV devices can be taken offline by disabling their remote access functions. If your devices have unintentionally joined a botnet, this might offer an additional layer of protection to safeguard your data and equipment.

    Investing in one of the top mesh Wi-Fi systems with integrated security software or one of the best Wi-Fi routers may also be worthwhile.

  • 6 Useful Tips to Secure Your Android Device

    Russia has been invading Ukraine for over a month, and concerns about cybersecurity are growing. Even before the invasion, US officials blamed Russia for cyberattacks on Ukraine’s Ministry of Defense and two banks.

    While the US Cybersecurity and Infrastructure Security Agency has stated that there are no particular or credible cyberthreats aimed at the US, it has also stated that hypothetical cyberattacks are more likely to target infrastructure. CISA advises that everyone be ready in case something goes wrong. When it comes to cyberdefense, safeguarding your mobile device is a smart place to start. Here are six things Android users may do to keep their data safe.

    Always update your OS

    Updating your operating system can resolve issues and repair known security risks. If you don’t update to the current version, you and your device are vulnerable to security weaknesses that could expose sensitive information to unscrupulous actors. Some individuals put off updating their operating system to avoid dealing with early glitches, but waiting too long can destroy your PC. Here’s all you need to know about Android 12.

    Use two-factor authentication

    In the event that your password is compromised, two-factor authentication, or 2FA, adds a second layer of security to your Android account. When you use 2FA, a second message is sent to another device after you enter your password, requesting you to confirm that you are trying to log in. It takes a little longer to log in, but the added degree of protection is well worth it. Here’s how to enable two-factor authentication.

    Password manager

    A password manager can assist you if you’re having problems remembering several passwords and creating unique passwords for each account. These tools can be used in conjunction with 2FA to securely store passwords and fill login pages automatically. They can also protect you from phishing schemes, which ask you to input your password on a phony website. Check out CNET’s reviews of password managers Bitwarden, LastPass, and 1Password for additional information.

    Encrypt your device

    Beginning in 2015, Google mandated that all Android smartphones be encrypted out of the box. After your device has been encrypted, all data saved on it is protected by a PIN number, fingerprint, pattern, or password that only the owner knows. Even Google won’t be able to unlock your device without the key. You may learn how to encrypt your phone here.

    Remove data from Google

    Because Android is a Google product, unencrypted device data may end up on a Google server. You can check with Google to see what data it has about you and request that it be deleted. It’ll take some time, but it’ll be worth it because your information can’t be stolen if it’s not in the system to begin with. Here’s how you ask Google to remove your data, but keep in mind that Google does not guarantee that it will comply with your request.

    Last option – reset/delete your phone

    You can remotely wipe your phone if you lose it or it is stolen. If you need to do this, our Android settings guide includes a walkthrough. Because this deletes all data from your phone, you should make a habit of backing it up on a second device if you have anything important on it.


    For more information on securing your phone, check out these eight apps to protect your phone’s privacy, what information digital security experts wish you knew and how to stop your phone from tracking you.