The cybercriminal syndicate known as Bigpanzi stands accused of organizing a massive botnet called Pandoraspear, which conducted distributed denial-of-service (DDoS) attacks.
The Pandoraspear botnet infected potentially millions of smart TVs and streaming devices, with at least 170,000 active bots during its peak campaign.
The infection mechanism primarily targets Android-based smart TVs and streaming devices. The lure begins on the user's smartphone: visiting suspicious streaming websites leads users to download malicious applications that they then sideload onto their Android-based TVs, giving the cybercriminals remote control of the devices and the use of their resources for a range of criminal activities.
In December 2023, an intriguing case occurred involving the hijacking of regular broadcasts in the United Arab Emirates, where original content was replaced with images from the Israel-Palestine conflict. Researchers from the Chinese firm Qianxin expressed concerns about the potential transmission of violent, terrorist, or pornographic content through these compromised devices, posing a significant threat to social order.
The Pandoraspear botnet inherits its DDoS capabilities from the well-known Mirai malware. Research conducted by Qianxin revealed that the malicious software adds 11 different Mirai-derived DDoS attack vectors to its command list, demonstrating how cybercriminals continue to reuse and evolve existing tooling.
Active since at least 2015, Bigpanzi has primarily focused its operations in Brazil, particularly in São Paulo. The scale of the botnet became apparent when researchers took control of two of the nine domains used for the botnet's command-and-control infrastructure. The criminals responded by launching DDoS attacks against the researchers' sinkholes to take these domains offline.
Despite the efforts of researchers, much remains unknown about Bigpanzi, and tracking its activities remains a constant challenge. The syndicate appears to be moving its DDoS operations to another botnet, indicating a strategic shift towards more lucrative uses of the compromised devices, such as operating them as a content delivery network.
As the investigation into Bigpanzi continues, cybersecurity experts encourage collaboration among communities operating in this field to combat this evolving threat.