PEACHPIT Botnet Harnesses Infected Mobile Devices


A botnet known as PEACHPIT, made up of an extensive network of Android and iOS devices, was used by threat actors to generate illegal profits. The botnet is linked to a larger China-based operation called BADBOX, which involves the sale of off-brand mobile and connected TV devices on popular online retailers and resale platforms, all of which ship compromised with the Android malware known as Triada.

PEACHPIT's associated apps were discovered in 227 countries and territories, with a peak estimate of 121,000 daily infected Android devices and 159,000 daily infected iOS devices, according to HUMAN Security.

This infection was achieved through a set of 39 apps that were downloaded over 15 million times. Devices containing the BADBOX malware allowed the operators to steal sensitive data, establish residential proxy exit points, and engage in ad fraud through fraudulent apps.

PEACHPIT Might Spread Through Supply Chain Attack

The method by which Android devices are compromised with a firmware backdoor is currently unclear, but there are indications of a hardware supply chain attack involving a Chinese manufacturer.

Threat actors could also use these compromised devices to create WhatsApp and Gmail accounts, making it difficult to detect as they appear to be created by genuine users.

Security researchers first documented this criminal operation in May 2023, attributing it to a group called Lemon Group.

HUMAN identified over 200 different types of Android devices, including mobile phones, tablets, and connected TV (CTV) products, that showed signs of BADBOX infection, indicating a widespread operation.

One significant aspect of the ad fraud scheme is the use of counterfeit apps on major app stores like the Apple App Store and Google's Play Store, as well as automatic downloads to compromised BADBOX devices. These apps contain a module that creates hidden WebViews to request, display, and interact with ads, making it appear as if the requests are coming from legitimate apps.
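The two signals that distinguish the hidden-WebView scheme above from legitimate in-app advertising are that the ad is rendered on a surface the user cannot see, and that "interactions" with it happen without any human touch. The following Python script, an added example that is not code from HUMAN Security or the article, shows how an ad platform or app-store reviewer could flag apps on those signals. The JSON-lines telemetry format, its field names (`visible_px`, `touch_event`), the package names, and the thresholds are all constructed assumptions for illustration; real ad SDKs expose different schemas.

```python
"""Heuristic detection of hidden-WebView ad fraud over ad-SDK telemetry.

Added example, not code from HUMAN Security or the article. The telemetry
format (one JSON object per ad impression with the fields below) is a
constructed assumption; real ad SDKs expose different schemas.
"""
import json
from collections import defaultdict

# Constructed sample telemetry, one JSON object per ad impression:
#   visible_px  - on-screen area of the WebView that rendered the ad (0 = fully hidden)
#   clicked     - whether the ad reported a click
#   touch_event - whether a real touch event preceded that click
SAMPLE_TELEMETRY = """\
{"app": "com.example.weather", "impression_id": 1, "visible_px": 120000, "clicked": false, "touch_event": false}
{"app": "com.example.weather", "impression_id": 2, "visible_px": 118000, "clicked": true, "touch_event": true}
{"app": "com.example.weather", "impression_id": 3, "visible_px": 120000, "clicked": false, "touch_event": false}
{"app": "com.fake.flashlight", "impression_id": 4, "visible_px": 0, "clicked": true, "touch_event": false}
{"app": "com.fake.flashlight", "impression_id": 5, "visible_px": 0, "clicked": true, "touch_event": false}
{"app": "com.fake.flashlight", "impression_id": 6, "visible_px": 0, "clicked": false, "touch_event": false}
{"app": "com.fake.flashlight", "impression_id": 7, "visible_px": 1, "clicked": true, "touch_event": false}
"""


def parse_telemetry(text):
    """Parse JSON-lines telemetry into a list of impression dicts, skipping blank lines."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            events.append(json.loads(line))
    return events


def score_apps(events, min_impressions=3, min_visible_px=100):
    """Aggregate per-app statistics.

    An impression counts as hidden when the rendering WebView exposes fewer than
    min_visible_px pixels (covers both fully off-screen and 1x1-pixel views).
    A click counts as phantom when no touch event preceded it.
    Apps with fewer than min_impressions events are skipped to avoid noisy ratios.
    """
    per_app = defaultdict(lambda: {"impressions": 0, "hidden": 0,
                                   "clicks": 0, "phantom_clicks": 0})
    for ev in events:
        s = per_app[ev["app"]]
        s["impressions"] += 1
        if ev["visible_px"] < min_visible_px:
            s["hidden"] += 1
        if ev["clicked"]:
            s["clicks"] += 1
            if not ev["touch_event"]:
                s["phantom_clicks"] += 1

    stats = {}
    for app, s in per_app.items():
        if s["impressions"] < min_impressions:
            continue
        stats[app] = {
            "hidden_ratio": s["hidden"] / s["impressions"],
            "phantom_click_ratio": (s["phantom_clicks"] / s["clicks"]) if s["clicks"] else 0.0,
            **s,
        }
    return stats


def flag_suspicious(stats, hidden_threshold=0.5, phantom_threshold=0.5):
    """Return the sorted list of apps whose hidden-impression or phantom-click ratio is too high."""
    return sorted(app for app, s in stats.items()
                  if s["hidden_ratio"] >= hidden_threshold
                  or s["phantom_click_ratio"] >= phantom_threshold)


if __name__ == "__main__":
    stats = score_apps(parse_telemetry(SAMPLE_TELEMETRY))
    for app, s in stats.items():
        print(f"{app}: hidden={s['hidden_ratio']:.2f} phantom_clicks={s['phantom_click_ratio']:.2f}")
    print("flagged:", flag_suspicious(stats))
```

Either ratio alone would be easy to explain away (an ad briefly scrolled off-screen, a click delivered through an accessibility service), which is why the script keeps both and reports them separately; in practice the thresholds would be tuned against a baseline of known-good apps rather than fixed at 0.5.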

To combat this operation, the fraud prevention company collaborated with Apple and Google. The threat actors themselves have since taken down the C2 servers responsible for the BADBOX firmware backdoor infection, and as a result the rest of BADBOX is now considered dormant.
