Ok, we’re being a little silly here, but in a sense it’s true – a new campaign is being carried out somewhere in the manufacturing and supply chain of Android phones, planting a firmware backdoor on the devices before they are shipped to stores.
The campaign, dubbed ‘BadBox’, has affected approximately 70,000+ smartphones, tablets and some set-top devices, infecting them with a version of the Triada malware. The malware is written directly into the read-only (ROM) portion of the devices’ firmware, so users cannot remove it, and it was placed on the devices’ chipset before they left the factory, meaning the devices ship with pre-loaded malware.
Once the phone is activated, the malware establishes a connection to command-and-control (C2) servers and can download and install additional malware, all without any user consent or notification.
The infection appears to be limited to phones produced at a small number of Chinese facilities, and no iOS devices were affected. But this highlights an increasing level of sophistication on the part of cybercriminals: their level of influence and infiltration allows them to place malware tools directly onto device chipsets, without any action required by customers.
Read More:
Security Affairs: https://securityaffairs.com/152124/malware/badbox-network-backdoored-firmware.html
Infosecurity Magazine: https://www.infosecurity-magazine.com/news/malware-infected-devices-retailers/