Telepandemia: botnet "Bigpanzi" turned hundreds of thousands of TV set-top boxes into controlled puppets

Brother (Professional) | Messages: 2,590 | Reaction score: 526 | Points: 113
The number of infected devices is growing every day. How do I protect myself?

Beijing-based Qianxin identified a cybercrime network called "Bigpanzi" that infects Android TV and eCos devices with malware. The geography of infections is truly extensive, and the group has been operating since 2015.

According to the report, this group operates a large-scale botnet with a daily activity of about 170,000 bots, with more than 1.3 million unique IP addresses seen since August, mainly in Brazil.

Attackers infect devices through fake firmware updates or apps that users install on their own, as the September Doctor Web report points out.

Bigpanzi uses infected devices as nodes for illegal media streaming platforms, proxy traffic networks, distributed denial-of-service (DDoS) attacks, and OTT content delivery.

Qianxin's report focuses on two malware tools used by Bigpanzi: pandoraspear and pcdn. "Pandoraspear" acts as a backdoor Trojan: it intercepts DNS settings, establishes communication with the command-and-control (C2) server and executes the commands it receives from it. The malware supports a number of commands that allow the operators to manipulate DNS settings, launch DDoS attacks, update the implant itself, create reverse shells, manage communication with the C2 and execute arbitrary commands in the OS.

The second tool, "pcdn", is used to build a peer-to-peer content delivery network (CDN) out of infected devices and also has DDoS capabilities.

Qianxin researchers gained insight into the botnet's scale by taking over two C2 domains used by the attackers and monitoring them for seven days. As mentioned above, "Bigpanzi" at peak activity has 170,000 bots per day, although the real number of infected devices is probably higher, since hardly all infected TV boxes are active at the same time.

Malware instances analyzed by Chinese researchers even led them to a suspicious YouTube channel controlled by Bigpanzi. However, the Qianxin report did not reveal any details about the attribution of this malicious network.

Moving from research back to real life: how do you recognize that your set-top box or smart TV has been enlisted in a botnet? Possible signs include a sluggish interface, the device overheating for no apparent reason, or increased traffic while the device is idle. Many modern routers and Wi-Fi access points let you track the activity of connected devices; if the TV or set-top box generates abnormal traffic volumes, this may indicate infection.

To avoid becoming a victim, be careful not to install unverified software or firmware updates from questionable sources. Unfortunately, many devices in this segment have no reliable protection against malware, so the risk of compromise when using them is many times higher.
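The two detection ideas the post mentions, abnormal traffic from an idle set-top box and DNS settings that no longer point at the expected resolver, can both be checked from the router side. The script below is an added example written for this thread, not code from Qianxin's report or from the post's author. It assumes a router or flow exporter that can hand you per-device byte counters and a DNS query log; the record layout, device names, IP addresses (documentation ranges) and byte values are all constructed for the example.

```python
"""Router-side heuristics for spotting a compromised TV box on a home LAN.

Two checks, both working from data a router or NetFlow exporter can
provide (record formats below are constructed for this example):
  1. idle_upload_suspects: a device that uploads far more than it
     downloads during the night is behaving like a peer-CDN node or a
     DDoS bot, not like a streaming box.
  2. foreign_resolver_users: a device sending DNS queries to a resolver
     other than the LAN's configured one may have had its DNS settings
     rewritten by malware.
"""
from collections import defaultdict
from datetime import datetime

# Constructed sample of per-device traffic counters, one tuple per
# 5-minute interval: (device, ISO timestamp, bytes uploaded, bytes downloaded).
TRAFFIC = [
    ("tvbox-living-room", "2024-01-20T03:00:00", 52_000_000, 4_000_000),
    ("tvbox-living-room", "2024-01-20T03:05:00", 61_000_000, 3_500_000),
    ("tvbox-living-room", "2024-01-20T03:10:00", 58_000_000, 3_900_000),
    ("tvbox-living-room", "2024-01-20T21:00:00", 1_200_000, 900_000_000),  # evening streaming
    ("laptop", "2024-01-20T03:00:00", 80_000, 120_000),
    ("laptop", "2024-01-20T03:05:00", 50_000, 90_000),
    ("phone", "2024-01-20T03:00:00", 30_000_000, 60_000_000),  # nightly cloud backup
    ("phone", "2024-01-20T21:00:00", 5_000_000, 200_000_000),
]

# Hours of the day when nobody is watching TV (assumed idle window).
IDLE_START, IDLE_END = 2, 5


def idle_upload_suspects(records, min_upload=100_000_000, min_ratio=2.0):
    """Return {device: stats} for devices whose idle-window upload is both
    large in absolute terms (>= min_upload bytes) and much larger than
    their download in the same window (upload/download >= min_ratio).
    A streaming box legitimately downloads a lot and uploads little; the
    reverse pattern at 3 a.m. is the signature described in the post."""
    up = defaultdict(int)
    down = defaultdict(int)
    for device, ts, bytes_out, bytes_in in records:
        hour = datetime.fromisoformat(ts).hour
        if IDLE_START <= hour < IDLE_END:
            up[device] += bytes_out
            down[device] += bytes_in
    suspects = {}
    for device in up:
        ratio = up[device] / max(down[device], 1)  # avoid division by zero
        if up[device] >= min_upload and ratio >= min_ratio:
            suspects[device] = {"idle_upload": up[device], "ratio": round(ratio, 1)}
    return suspects


# Constructed DNS query log, one query per line:
# "<timestamp> <client ip> <device> <resolver ip> <queried name>"
# 203.0.113.7 is a documentation-range address standing in for an unknown resolver.
DNS_LOG = """
2024-01-20T03:01:10 192.168.1.23 tvbox-living-room 192.168.1.1 update.example
2024-01-20T03:01:12 192.168.1.23 tvbox-living-room 203.0.113.7 unknown-host.example
2024-01-20T03:02:40 192.168.1.40 laptop 192.168.1.1 www.example.org
"""


def foreign_resolver_users(log_text, allowed_resolvers):
    """Return {device: set of resolver IPs} for devices that query DNS
    resolvers outside allowed_resolvers (normally just the router itself
    or the resolvers handed out by DHCP)."""
    hits = defaultdict(set)
    for line in log_text.strip().splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines rather than crash on them
        _ts, _client_ip, device, resolver, _name = parts
        if resolver not in allowed_resolvers:
            hits[device].add(resolver)
    return dict(hits)


if __name__ == "__main__":
    for device, stats in idle_upload_suspects(TRAFFIC).items():
        print(f"suspicious idle upload: {device} {stats}")
    for device, resolvers in foreign_resolver_users(DNS_LOG, {"192.168.1.1"}).items():
        print(f"unexpected DNS resolver: {device} -> {sorted(resolvers)}")
```

With the constructed data only the TV box trips both checks: it pushes about 171 MB upstream between 02:00 and 05:00 against 11 MB downstream, and one of its queries bypasses the router's resolver. The phone's nightly backup is also upload-heavy, which is why the check requires an absolute volume and a ratio together rather than either alone; tune both thresholds to the household's real baseline before trusting the result.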