Kogan has pulled the plug on a dangerous T 95 Android TV set top box, that security experts claim was sending data straight back to servers in China via malware planted in the box.
In an email sent to ChannelNews Kogan said they had stopped selling the box immediately after we exclusively revealed the existence of the boxes in Australia.
Amazon is still selling the affected boxes with thousands believed to have been sold in Australia via multiple retail outlets and online via Chinese web sites operating in Australia.
Cybersecurity firm Human Security exposed the malware botnet that fuels a network of fraudulent schemes. These TV devices, manufactured in China, come preloaded with the malware before they reach resellers.
– “They’re like a Swiss Army knife of doing bad things on the internet,” Gavin Reid, CISO at Human Security, told Wired. “Unbeknownst to the user, when you plug this thing in, it goes to a command and control (C2) in China and downloads an instruction set and starts doing a bunch of bad stuff.”
They refer to the malware botnet as ‘Badbox’.
“Human Security tracked multiple types of fraud linked to the compromised devices. This includes advertising fraud; residential proxy services, where the group behind the scheme sell access to your home network; the creation of fake Gmail and WhatsApp accounts using the connections; and remote code installation”.
“Those behind the scheme were selling access to residential networks commercially, the company’s report says, claiming to have access to more than 10 million home IP addresses and 7 million mobile IP addresses,” they claimed.
