A report from a Chinese cybersecurity group showed that numerous TV Boxes in Brazil are infected with malware. Infected devices form a botnet, a network controlled by cybercriminals to carry out DDoS, phishing, and other types of attacks.
According to Qianxin Xlabs, a Beijing-based laboratory, the botnet controlled by the “Bigpanzi” criminal group has 170 thousand active bots in circulation, mostly in Brazil. The malware network is also associated with 1.3 million unique IP addresses.
According to Qianxin Xlabs, the infection has been occurring on Android TV Boxes since at least August. Cybercriminals can gain access to devices through firmware updates and backdoor applications (applications containing a hidden entry point through which hackers can access the system).
The report prepared by the Chinese laboratory also states that botnet nodes are distributed mostly in the state of São Paulo.
Qianxin Xlabs’ conclusion is that Bigpanzi has been secretly operating for the past eight years and amassing fortunes from these infected devices. In practice, TV Boxes act as an army for cybercriminals who can use ordinary people’s equipment to carry out hacker attacks.
“In the face of such a large and complex network, our findings represent just the tip of the iceberg in terms of the scope of Bigpanzi. There is still a great deal of monitoring and investigative work that needs to be carried out,” says an excerpt from the Qianxin Xlabs report.
What are the risks of having an infected TV Box?
In an interview with TecMundo, Thiago Ayub, Chief Technology Officer at Sage Networks, a company specializing in cyber security, explains that the unique IPs do not simply correspond to individual TV Boxes. In reality, each IP indicates an internet connection containing an infected TV Box.
“For example, a home with 4 of these devices sharing the same broadband connection will appear as a single IP address on the internet,” he notes. By this reckoning, the number of infected devices may exceed millions, considering that each IP can have at least two devices connected.
The expert says the case highlights the risk associated with TV Boxes. He notes that all software is vulnerable to cybercriminals, but there is a difference between established companies and companies that do not have a good reputation in the market.
“The most popular TV boxes in Brazil have almost no distinguishable branding, are from unknown companies and are not permanent. These are products that have not been approved by Anatel to operate in Brazil, they have no legal representatives in the country, and we cannot even find professionals on LinkedIn who are proud to work for these companies,” he points out.
Regarding the risks to users, Ayub states that infected devices can degrade the quality of home internet and even shut it down. This happens, for example, when a DDoS attack occurs.
“But the limit is the creativity of cybercriminals: These devices can even allow firewalls in homes and companies to be bypassed by acting as a bridge from the external network for criminals to interact with the internal network,” he notes.
The expert adds that the signs that a device is infected are quite subtle, as these parasites try to be as stealthy as possible. However, on other devices, it is possible to watch for signs such as device overheating and network slowdown.
Repeated situations with TV Boxes
The situation reported by Qianxin Xlabs is not new. At the end of 2022, the National Telecommunications Agency (Anatel) had already issued research showing the vulnerability of pirated TV Boxes.
The organization’s research found that counterfeit products allow malicious agents to gain complete control not only over the devices, but also over all other electronic devices connected to the same network.
“In addition to the presence of malware, security flaws have been detected in the application update process, allowing all exchanged information to be intercepted and modified by a malicious attacker, thus allowing malicious applications to be installed on devices,” explained Anatel consultant Moisés Moreira.
Ayub argues that the Qianxin Xlabs survey is another indication that Anatel is right to warn users. According to him, it is important to talk about the cyber risks inherent in owning a fake device connected to the internet at home.
The expert also recalls a recent case where infected TV Boxes changed users’ programs to show images of the conflict between Israel and Palestine.
“The risk is real, it has been identified. The loss in this case examined is not only for the owner of the infringed intellectual property. It is also the company that is offline due to DDoS and internet instability for those who have such a product at home,” he concludes.
Source: Tec Mundo
