
1 Million Third-Party Android Devices Have a Secret Backdoor for Scammers

Researchers from multiple companies say the campaign appears to come from a loosely connected ecosystem of fraud groups rather than a single actor. Each group has its own versions of the Badbox 2.0 backdoor and malware modules and distributes the software in a variety of ways. In some cases, malicious applications come pre-installed on compromised devices, but in many examples tracked by the researchers, attackers are tricking users into unknowingly installing compromised applications.

The researchers highlighted a technique in which the scammers create a benign app (for example, a game) and publish it in Google’s Play Store to show that it has been vetted, but then trick users into downloading a nearly identical version of the app that is not hosted in an official app store and is malicious. The researchers say such “evil twin” apps have appeared at least 24 times, allowing attackers to run ad fraud in the Google Play versions of their apps and distribute malware in their impostor apps. Human also found that the scammers have distributed over 200 repackaged versions of popular, mainstream applications, another way to spread backdoors.

“We saw four different types of fraud modules – two ad fraud modules, one fake click one, and then a residential proxy network, but it’s scalable,” said Lindsay Kaye, vice president of threat intelligence at Human. “So you can imagine that if time lasts and they can develop more modules, maybe more relationships, there is a chance to have more modules.”

Researchers at the security company Trend Micro collaborated with Human on the Badbox 2.0 investigation, focusing in particular on the actors behind the activity.

“The operation is very large,” said Trend Micro threat researcher Fyodor Yarochkin, who added that while any group has “easy devices online at most,” “this is just a lot of devices currently connected to their platform. If you calculate all the devices that may have payloads, it could be more than millions.”

Yarochkin added that many of the groups involved appear to have some connection with Chinese gray-market advertising and marketing companies. Yarochkin explained that more than a decade ago there were various legal cases in China in which companies installed “silent” plugins on devices and used them for various seemingly fraudulent activities.

“The companies that basically survived mid-2015 are adaptive companies,” Yarochkin said, noting that his investigation has now identified several “business entities” in China that seem to be related to some of the groups associated with Badbox 2.0. These links include both economic and technical ties. “We’ve identified their address and have seen some pictures of their office, and they have some employees’ accounts on LinkedIn,” he said.

Human, Trend Micro and Google are also working with the internet security group Shadow Server to sinkhole as much Badbox 2.0 infrastructure as possible, so that the botnet essentially sends its traffic into a void. But the researchers warn that, because the fraudsters already pivoted after revelations about the original scheme, this is unlikely to permanently end Badbox 2.0.

“As a consumer, you should remember that if the device is too cheap to be real, you should be prepared to have other surprises hidden in the device,” said Yarochkin of Trend Micro. “Unless cheese is in the mousetrap, there is no free cheese.”
