Human Security has disrupted a sophisticated, ongoing digital supply chain threat operating out of China targeting Android devices, the company said.
The cyber defender, which specializes in disrupting bot attacks, digital fraud and abuse, said it impeded a “key monetization mechanism” of a number of criminal operations involving “backdoored” off-brand mobile and CTV Android devices sold to end users through retailers in China.
74,000 Android Infections Found
Here are some key observations by Human’s Satori threat intelligence and research team, which said it witnessed some 74,000 infections on Android-based mobile phones, tablets and CTV boxes:
“The Badbox scheme is an incredibly sophisticated operation, and it demonstrates how criminals use distributed supply chains to amplify their schemes on unsuspecting consumers who purchase devices from trusted e-commerce platforms and retailers,” said Gavin Reid, Human's chief information security officer. “This backdoor operation is deceptive and dangerous because it is nearly impossible for users to tell if their devices are compromised. Of the devices Human acquired from online retailers, 80 percent were infected with Badbox, which demonstrates how broadly they were circulating on the market.”
Badbox Campaign Uses Fake Clicks to Defraud Advertisers
In another scheme, Human a year ago discovered an advertising fraud variant of Badbox that used fake clicks to defraud advertisers and the ad technology ecosystem.
Here are some details of that campaign:
Human said it collaborated with Google and Apple to disrupt the Peachpit operation and shared information with law enforcement about the Badbox campaign.
“The cybercriminals behind Peachpit utilized methods such as hidden advertisements, spoofed web traffic and malvertising to monetize their scheme and defraud the advertising industry,” said Marion Habiby, Human data scientist.