Just a sample of the Echomail archive
Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.
|    CONSPRCY    |    How big is your tinfoil hat?    |    2,445 messages    |
[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]
|    Message 644 of 2,445    |
|    Mike Powell to All    |
|    BadBox malware hit after    |
|    06 Mar 25 09:06:00    |
      TZUTC: -0500       MSGID: 358.consprcy@1:2320/105 2c2ee493       PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0       TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0       BBSID: CAPCITY2       CHRS: ASCII 1       BadBox malware hit after infecting over 500,000 Android devices              Date:       Thu, 06 Mar 2025 12:27:00 +0000              Description:       An undisclosed number of domains were sinkholed in strike against BadBox       malware.              FULL STORY              BadBox 2.0, the spiritual successor of the BadBox Android malware , has been       disrupted after cybersecurity experts from the HUMAN's Satori Threat       Intelligence team, together with multiple partners, removed dozens of       malicious apps from the Play Store, banned their developers, and sinkholed       communications for hundreds of thousands of infected devices.               The infected devices are Android Open Source Project devices, not Android TV       OS devices or Play Protect certified Android devices. All of these devices        are manufactured in mainland China and shipped globally, the researchers       explained.               In total, 24 malicious apps on the Play Store distributing BadBox 2.0 were       removed, and the developer accounts that uploaded these apps were banned from       the platform. HUMAN then also sinkholed an undisclosed number of domains,       effectively cutting off communications between the malware and the C2 servers       - so in other words, the devices are still infected, but the malware is       non-operational.              Sinkholing the domains               BadBox is a piece of malware that turns infected Android devices into       residential proxies. They are used in ad fraud, credential stuffing, and        other forms of cybercrime. Apparently, BadBox infected hundreds of thousands       of devices, from TV streaming boxes, to smart TVs, and smartphones. No one       knows exactly how these devices ended up being infected. Some believe they       were compromised in early production, while others claim BadBox was dropped       somewhere along the supply chain. In any case, these are overwhelmingly       low-price-point, off-brand, or uncertified devices.               German authorities recently disrupted the operation within its borders, but       that only sidetracked it a little. In the weeks following the operation,       BadBox grew to more than a million infected devices (although they were        mostly located outside Germany, in countries such as Brazil, the US, and       Mexico).               Given its size and resilience, security researchers from HUMAN dubbed it       BadBox 2.0. Now, together with Google, Trend Micro, The Shadowserver       Foundation, and other partners, HUMAN disrupted the new operation in multiple       ways.               As usual, the best way to defend against these attacks is to buy hardware and       software from reputable sources, keep the assets updated, and monitor for       malicious activity.                Via BleepingComputer              ======================================================================       Link to news story:       https://www.techradar.com/pro/security/badbox-malware-hit-after-infecting-over       -500-000-android-devices              $$       --- SBBSecho 3.20-Linux        * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)       SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30       SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664       SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45       SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35       PATH: 2320/105 229/426           |
[   << oldest   |   < older   |   list   |   newer >   |   newest >>   ]
(c) 1994, bbs@darkrealms.ca