Security researchers have recently uncovered a disturbing trend in the cybercrime landscape: a large-scale DDoS botnet that is infecting Android TV boxes and set-top boxes. The cybercrime syndicate behind it, known as Bigpanzi, has been active since 2015 and poses a significant threat to the security of these devices.
The botnet, with its peak at 170,000 daily active bots, targets Android TV Boxes and streaming hardware through pirated apps and firmware updates, infecting potentially millions of devices. Once compromised, these devices become powerful tools for cybercriminals, enabling them to carry out various nefarious activities, including DDoS attacks and stream hijacking.
The malware responsible for this botnet, pandoraspear, incorporates 11 different DDoS attack vectors inherited from the infamous Mirai malware. This makes it a formidable threat and raises concerns about the potential misuse of the botnet.
Unfortunately, this isn't the first time we have seen problems with these devices; they have been found susceptible to malware and other threats on multiple occasions in the past.
- The Dangers of Cheap Streaming Boxes & Malware on Android TV
- Malware Continues to Infect Android TV Boxes & Streaming Apps
The Operations of Bigpanzi and the Scale of the Botnet
Bigpanzi’s cybercrime operations are primarily focused in Brazil, particularly in São Paulo. The researchers have gained insight into the scale of the botnet by hijacking two command and control (C2) domains used by the attackers. At its peak, the botnet had approximately 170,000 daily active bots, with over 1.3 million unique IP addresses associated with the botnet since August.
However, because not every infected device is active at any given time and the researchers' visibility was limited, the actual size of the botnet is believed to be larger. The malware tools used by Bigpanzi, pandoraspear and pcdn, are responsible for infecting the Android TV and eCos set-top boxes.
Pandoraspear acts as a backdoor trojan, allowing for DNS manipulation, DDoS attacks, and remote command execution. Pcdn, on the other hand, builds a peer-to-peer Content Distribution Network (CDN) and possesses DDoS capabilities.
The botnet operated by Bigpanzi is part of a complex cybercrime network that spans across Brazil. It is alarming to see the extent of their operations and the significant number of infected devices under their control. The use of advanced malware tools like pandoraspear and pcdn demonstrates the sophistication and malicious intent of the attackers.
The scale of the botnet is staggering, with hundreds of thousands of daily active bots and over 1.3 million associated IP addresses. This poses a severe threat to both the security of the infected devices and the overall stability of online services.
The Threats Posed by Bigpanzi and What You Can Do
The widespread infections caused by the Bigpanzi cybercrime syndicate have far-reaching implications that extend beyond just DDoS attacks. This notorious group has found various ways to monetize the compromised devices, utilizing them for illegal media streaming platforms, traffic proxying networks, DDoS swarm attacks, and OTT content provision.
As a result, the compromised Android TV boxes and set-top boxes become vehicles for disseminating visual and audio content without any legal constraints. This alarming trend has already led to real-world incidents involving the broadcasting of violent, terroristic, and pornographic material, and even the utilization of AI-generated videos for political propaganda.
If you are using an Android TV Box, it is extremely important to protect yourself when streaming with these devices. We strongly recommend purchasing streaming devices from reputable outlets such as Amazon, Formuler, NVIDIA, BuzzTV, and more.
For those who wish to continue using their generic Android TV Box, we suggest installing and using Surfshark VPN with the built-in CleanWeb feature to protect your data. This is a powerful ad & malware blocker that works perfectly on streaming devices including Android TV & more.
We also recommend using VirusTotal to scan your installed applications for any viruses or malware associated with them.
The original report on this story was published by XLab and is linked below.
Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box