In a disturbing find, a government agency in Germany has discovered that as many as 30,000 Android devices in the country contained preinstalled malware.
On Thursday, German investigators issued a warning about the so-called “BadBox” malware, which embeds itself in the device’s firmware. The affected products include internet-connected digital picture frames and media players running an outdated version of the Android operating system, according to Germany’s Federal Office for Information Security, also known as BSI.
“In all cases known to the BSI, the BadBox malware was already installed on the respective devices when they were purchased,” the government agency said.
The malware can turn the affected product into a proxy service, enabling hackers to use your home internet to launch attacks. BadBox can also download additional malware and be used to access websites and ads in the background, carrying out click fraud.
In response, BSI has resorted to “sinkholing” the BadBox malware, redirecting internet traffic from the infected devices to government-controlled servers. This can prevent the malware from communicating with the hackers’ command and control servers.
“There is no acute danger for these devices as long as the BSI maintains the sinkholing measure,” the agency added. Still, the BSI is urging the public to disconnect the infected devices from the internet. To that end, telecommunication providers in Germany are working to notify affected users by looking at IP addresses associated with the malware.
The BSI didn’t immediately respond to a request for comment, so it’s unclear which specific products hosted the threat or how they became infected. But the agency’s warning notes the malware can also affect tablets and phones.
It’s not the first time that malware has been found preinstalled on consumer electronics. Last year, a security consultant discovered an Android TV box sold on Amazon had been secretly loaded with malware.
Hence, users should be careful when buying electronics from little-known manufacturers. The BSI is also urging consumers to “pay attention to the safety features, official manufacturer support and an up-to-date operating system version” when buying electronic devices.
Google also responded to the news and said: “These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results.”
The company added that “Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified.”