BADBOX
Name of Malware: BADBOX

Type of Malware: Backdoor, Bot, Proxy
Affected Operating Systems: Android
Affected Device Types: Mobile phones, smartphones, tablets, CTV Boxes
Impact: High
What is BADBOX?
BADBOX is Android malware that is embedded in the device firmware. Infected devices immediately connect to a Command and Control (C2) server and enable the attacker to access the local network (proxy), intercept two-factor authentication secrets, and install additional malware on the device.
How did I get infected with BADBOX?
BADBOX is installed during or immediately after the manufacture of the device. By the time the device reaches the customer, it is already infected.
What do I have to do now?
It is recommended to immediately take infected devices out of service, as the malware resides on a non-writable partition of the firmware and cannot be removed by the user.