A group of hackers has been secretly building a botnet of Android TV and eCos set-top boxes, then monetizing that access to amass huge amounts of wealth, researchers have warned.
Cybersecurity experts at Qianxin Xlabs called the operation “Bigpanzi” and say there are about 170,000 bots active daily.
Since not all endpoints are active at the same time, the botnet is expected to be much larger: researchers claim to have seen 1.3 million unique IP addresses since August 2023.
The tip of the iceberg
To infect devices with malware, the criminals trick victims into downloading malicious applications themselves, according to another Dr. Web report. The applications, which have not been named, launch two malware variants: pandoraspear and pcdn. One acts as a Trojan that allows the attackers to hijack DNS settings and execute commands; the other helps build a peer-to-peer (P2P) content delivery network (CDN) and can mount distributed denial of service (DDoS) attacks.
The campaign has been active since 2015, researchers say, and most of the victims are apparently in Brazil. “For the past eight years, Bigpanzi has been operating covertly, quietly accumulating wealth from the shadows,” Xlabs said in its report. “As their operations have advanced, there has been a significant proliferation of samples, domain names and IP addresses.”
“In the face of such a large and intricate network, our findings represent just the tip of the iceberg in terms of what Bigpanzi encompasses.”
There are several things the Bigpanzi operators can do with infected devices. In particular, they can turn compromised set-top boxes into nodes and offer them as part of an illegal media streaming service. They can also rent out traffic proxy networks and mount DDoS attacks for whoever is willing to pay. Finally, they can use the botnet to deliver OTT content.
Via BleepingComputer