Mexico. TV Boxes and sticks are becoming more and more common as a way to turn any TV into a Smart TV, or to keep up to date one that, although smart, lags behind in new functionality.
ESET, a proactive threat detection company, warns that this eagerness to watch the latest series was the basis for a group of cybercriminals to distribute malware for Android TV Boxes through malicious applications and thus cause more than 2000 denial-of-service attacks.
"The search to expand the catalog of movies and series leads some people not to look carefully at what application they are downloading, or what page they visit. The distribution of this botnet was mainly through streaming applications on websites such as Tele Latino, You Cine and Magis TV, among others. These apps are available not only for Android TV Boxes, but also for many other devices, including TV Sticks such as those from Amazon or Xiaomi. Once the devices are infected, the attackers take control and use them to orchestrate distributed denial-of-service (DDoS) attacks, that is, using each of the thousands of zombies they manage to infect so that they send requests directed to the same destination and thus disable the servers of their target," warns Camilo Gutiérrez Amaya, Head of the Research Lab at ESET Latin America.
As detailed in the latest ESET Threat Report, the devices were targeted by a Trojan-type malware related to Mirai, a well-known botnet (a network of computers hijacked by attackers who take control and can send various commands, such as sending spam, stealing data or launching DDoS attacks). The malware, detected by ESET as Android.Pandora, was first described in September 2023 by Dr. Web.
Its distribution was mainly through streaming applications on websites such as Tele Latino, You Cine and Magis TV, among others. These apps are available not only for Android TV Boxes, but also for many other devices, including TV Sticks such as those from Amazon or Xiaomi. Another distribution route detected is malicious firmware updates, which may be pre-installed by a reseller or installed by the unsuspecting user.
Cybercriminals focused their activity on Latin America, according to the ESET report, and among the most attacked countries in the region, Brazil (20%), Mexico (13%), and Peru (11%) stand out as the main targets. Many of the deceptive pages are also in Spanish, which may indicate the intended targets of the attack.
Other Mirai botnets
In the second half of 2023, Mirai-based botnets tracked by ESET, such as Gafgyt and BotenaGo, saw a 59% decrease in attacks, totaling 7.5 million attacks. The United States, Germany, and the United Kingdom were the main targets.
Although attacks decreased, the Mirai-based armies (compromised devices at the service of the botnet) increased by 58%, reaching more than 168,000 devices, mainly driven by a 164% increase in Egypt. In those cases, Germany, the United States and Mexico faced the highest percentage of attacks.
ESET shares some security tips:
• Use strong, unique passwords.
• Keep systems up to date.
• Research the app you are about to install and check reviews for alerts from other users.
• Avoid rooting devices, as this can give cyberattackers an advantage.
• Be careful when updating the firmware; take the same care as when installing applications or visiting a page.
• Install a reliable security solution; this will help detect and remove threats.