An ad fraud botnet called PEACHPIT has been discovered, which uses hundreds of thousands of Android and iOS devices to generate income for the hackers involved. This botnet is part of a larger scheme known as BADBOX, which involves selling off-brand mobile and connected TV devices that have been infected with a type of Android malware called Triada.

The fraud prevention firm HUMAN found that the PEACHPIT botnet's associated applications were present in 227 countries and territories, and were being installed on approximately 121,000 Android devices and 159,000 iOS devices daily. The malware on these devices allowed the hackers to steal sensitive information, create fictitious exit points, and engage in ad fraud using deceptive applications. The hackers could also use these infected devices to create undetected WhatsApp and Gmail accounts.

The exact method through which the Android devices became infected is unclear, but there are indications of a hardware supply chain attack. This criminal enterprise was initially documented by Trend Micro and is attributed to a group known as Lemon Group. HUMAN has identified over 200 types of infected Android devices, including phones, tablets, and connected TVs.

Counterfeit applications were being employed on major app marketplaces such as Apple's App Store and Google Play Store, and were also being automatically downloaded onto BADBOX devices. The Android applications contained a component that created hidden WebViews to generate ad clicks while masquerading as legitimate applications.

HUMAN has collaborated with Apple and Google to disrupt the operation, resulting in the takedown of the servers powering the BADBOX infection. However, it is suspected that the attackers are altering their tactics to avoid detection.
Source: Hackernews
To mitigate potential threats, it is important to implement additional cybersecurity measures with the help of a trusted partner like INFRA (www.infrascan.net), or you can try it yourself using check.website.