
Urgent Alert for Irish Homes as Massive Cyberattacks Exploit Smart TVs and IoT Devices


An urgent cybersecurity alert has been issued to households across Ireland amid warnings of “large scale” cyberattacks that could compromise everyday home devices.

Grant Thornton Ireland has cautioned that devices such as Android TV boxes and other TV streaming hardware are increasingly being conscripted into cyberattacks every day. The warning follows one of the largest Distributed Denial of Service (DDoS) attacks ever recorded, which occurred in November 2025.

Although the attack lasted only 35 seconds, it reached an unprecedented peak of 31.4 terabits per second. Investigations revealed that the assault was carried out by a botnet known as Kimwolf, largely made up of hijacked Android-powered televisions and TV streaming devices.

The attack was identified and mitigated by Cloudflare. However, security specialists warn that millions of low-cost, poorly secured devices remain vulnerable to infection and remote control by cybercriminals, so the botnet can be rebuilt as fast as individual nodes are cleaned up.

Experts at Grant Thornton highlighted that cyber risks are no longer limited to workplace systems. Instead, individuals are increasingly being targeted through commonly used household technology.

Once compromised, devices such as smart TVs or even smart lightbulbs can provide attackers with a gateway into a home network. From there, cybercriminals can gather personal information and launch more tailored phishing campaigns. Devices lacking proper security protections are considered the most vulnerable.

Cybersecurity Partner at Grant Thornton Ireland, Howard Shortt, said:
“Many people don’t realise that a low-cost Android TV box in their sitting room or a cheap smart lightbulb can be compromised in seconds.

“Once attackers gain access, they can use that device as part of a botnet or quietly profile the household to support more targeted and convincing phishing attacks.

“Attackers typically exploit default passwords, outdated software, or unpatched vulnerabilities in internet-connected devices and once inside a home network, can observe traffic patterns and build a profile of the household.

“That information allows criminals to engineer highly believable phishing messages.

“For example, posing as a streaming provider with a prompt to review a show you have just watched.

“At that point, the scam is no longer random and much more believable.”

Grant Thornton stressed that “the risk extends beyond TV devices” and warned that low-cost Internet of Things (IoT) gadgets are becoming increasingly common in Irish homes, often with minimal built-in security.

Shortt urged households to take a proactive stance on home cybersecurity, recommending “basic steps such as changing default passwords on all smart devices and routers”.

He also advised consumers to purchase devices only from reputable brands and trusted vendors to reduce the risk of compromise.

FBI Issues Alert as BADBOX 2.0 Malware Infects Over 1 Million Devices, Hijacking Home Networks Worldwide


The FBI has issued a critical warning regarding a massive malware campaign—dubbed BADBOX 2.0—which has compromised over 1 million Internet-connected consumer devices, including smart TVs, Android tablets, projectors, and streaming boxes. The malware, often embedded in Chinese-manufactured IoT devices, turns them into residential proxies exploited by cybercriminals to mask their activities.

"The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," the FBI stated.

The infection typically occurs when users purchase devices preloaded with malicious firmware or unknowingly install compromised apps from third-party stores or, occasionally, even Google Play. During initial setup, these apps introduce backdoors, linking the devices to command and control (C2) servers, where attackers remotely execute various malicious operations.

These include:

  • Residential Proxy Networks: Using victims' home IP addresses to route traffic and hide malicious activity.
  • Ad Fraud: Background ad-clicking to generate illegitimate revenue.
  • Credential Stuffing: Attempting unauthorized logins using stolen credentials, hidden behind compromised IPs.

"Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," the FBI added.

The original BADBOX malware was discovered in 2023 on low-cost Android TV boxes such as the T95. A December 2024 takedown by Germany's Federal Office for Information Security (BSI) temporarily crippled the botnet by sinkholing its infrastructure, but the operators quickly rebounded. Within a week, nearly 192,000 new infections were recorded, including on devices from more established brands such as Yandex TVs and Hisense smartphones.

According to HUMAN's Satori Threat Intelligence team, over 1 million devices were compromised by March 2025. The malware predominantly affects uncertified Android Open Source Project (AOSP) devices rather than Play Protect certified devices running Google's official Android TV OS. Researchers observed BADBOX 2.0 activity in 222 countries and territories, with the highest infection rates reported in Brazil (37.6%), the United States (18.2%), Mexico (6.3%), and Argentina (5.3%).

"This scheme impacted more than 1 million consumer devices. Devices connected to the BADBOX 2.0 operation included lower-price-point, 'off brand', uncertified tablets, connected TV (CTV) boxes, digital projectors, and more," explains HUMAN.

Despite another coordinated disruption effort by HUMAN, Google, Trend Micro, and other partners, which prevented roughly 500,000 infected devices from reaching their command servers, the campaign persists, fueled by ongoing global sales of vulnerable devices that arrive infected or become infected during setup.

Red flags indicating BADBOX 2.0 infection include:

  • Suspicious or third-party app stores preloaded on the device
  • Disabled Google Play Protect
  • Claims of free or unlocked streaming access
  • Unbranded or unknown device manufacturers
  • Unusual Internet traffic patterns

The FBI advises consumers to take the following precautions:

  • Audit all connected smart devices for abnormal behavior
  • Avoid downloading apps from unofficial sources
  • Monitor home network traffic regularly
  • Ensure devices are updated with the latest firmware
  • Immediately disconnect any suspected devices from the Internet

If compromised, isolating the affected device from the network can help prevent further damage and disrupt the malware's control path.
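The last red flag ("Unusual Internet traffic patterns") and the advice to "Monitor home network traffic regularly" are easier to act on with a concrete check. Below is an added example, not code from the FBI alert or from HUMAN, that runs two heuristics over a flow log exported from a home router or firewall: a device that opens connections to an unusually large number of distinct destinations (the signature of a residential proxy node relaying someone else's traffic), and a device that checks in with one host at a fixed interval (beaconing to a command and control server). The log format, the IP addresses, the thresholds and the sample flows are all constructed for the example; adapt the parser to whatever your router actually exports.

```python
"""Flow-log triage for proxy-like fan-out and C2-style beaconing on a home LAN.

Added example. The five-column log format (unix_ts src_ip dst_ip dst_port
bytes_out), the thresholds and the sample data are assumptions, not anything
from the FBI PSA or HUMAN's report.
"""
from collections import defaultdict
from statistics import mean, pstdev


def build_sample():
    """Constructed sample flows, not a real capture.

    192.168.1.50 plays a cheap TV box that has joined a proxy botnet: it
    checks in with 198.51.100.7:8080 every 60 s and relays traffic to 30
    unrelated hosts. 192.168.1.20 plays a laptop browsing a few sites.
    """
    lines = []
    t0 = 1_700_000_000
    # Beacon: ten check-ins, exactly 60 s apart, tiny payloads.
    for i in range(10):
        lines.append(f"{t0 + 60 * i} 192.168.1.50 198.51.100.7 8080 220")
    # Proxied traffic: 30 distinct destinations on 443 over the same window.
    for i in range(30):
        lines.append(f"{t0 + 7 * i + 3} 192.168.1.50 203.0.113.{i + 1} 443 {1500 + 40 * i}")
    # Laptop: a handful of destinations at irregular times.
    laptop = [(0, "198.51.100.20"), (11, "198.51.100.21"), (95, "198.51.100.22"),
              (130, "198.51.100.20"), (420, "198.51.100.23")]
    for i, (gap, dst) in enumerate(laptop):
        lines.append(f"{t0 + gap} 192.168.1.20 {dst} 443 {9000 + i}")
    return "\n".join(lines) + "\n"


def parse_flows(text):
    """Parse the assumed whitespace-separated format into tuples."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, nbytes = line.split()
        flows.append((int(ts), src, dst, int(dport), int(nbytes)))
    return flows


def analyse(flows, fanout_threshold=20, beacon_min=5, jitter_max=2.0):
    """Return {src_ip: [reasons]} for devices that trip either heuristic.

    fanout_threshold: distinct (dst, port) pairs before a device is flagged.
      A TV box should talk to a few streaming CDNs; dozens of unrelated hosts
      is what a residential proxy node looks like. Browsing laptops also fan
      out, so tune this per device type rather than using one LAN-wide value.
    beacon_min / jitter_max: a (src, dst, port) seen at least beacon_min times
      with inter-arrival standard deviation <= jitter_max seconds is treated
      as a beacon. Malware often adds jitter, so this catches only the naive
      case and is a starting point, not proof.
    """
    dsts_per_src = defaultdict(set)
    times_per_pair = defaultdict(list)
    for ts, src, dst, dport, _ in flows:
        dsts_per_src[src].add((dst, dport))
        times_per_pair[(src, dst, dport)].append(ts)

    findings = defaultdict(list)
    for src, dsts in dsts_per_src.items():
        if len(dsts) >= fanout_threshold:
            findings[src].append(f"high fan-out: {len(dsts)} distinct destinations")

    for (src, dst, dport), times in times_per_pair.items():
        if len(times) < beacon_min:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if pstdev(gaps) <= jitter_max:
            findings[src].append(f"beaconing to {dst}:{dport} every ~{mean(gaps):.0f}s")

    return {src: reasons for src, reasons in findings.items() if reasons}


if __name__ == "__main__":
    for src, reasons in sorted(analyse(parse_flows(build_sample())).items()):
        print(src)
        for reason in reasons:
            print("  -", reason)
```

Run it as-is to see the constructed TV box flagged on both counts while the laptop stays quiet. On a real network the interesting output is a device whose behaviour does not match its job: a streaming box that should only reach a few CDNs but fans out to dozens of hosts, or anything that phones home on a metronome. A hit is a reason to pull the device off the network and inspect it, which is exactly the FBI's isolation advice above.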