Warning about the Bigpanzi botnet attack on smart TVs

Cybersecurity firm QiAnXin has issued a warning about a widespread botnet campaign called “Bigpanzi” that has been targeting smart TVs and Android-based set-top boxes since 2015. According to QiAnXin, the attackers lure users into installing free or inexpensive audio-visual content playback applications on their devices. They then turn these devices into nodes of the Bigpanzi botnet by introducing hidden components, and use them for malicious activities such as traffic proxying, DDoS attacks, delivering over-the-top (OTT) content, and internet traffic piracy.

QiAnXin’s analysis also reveals that Bigpanzi uses smart TVs and set-top boxes for the distribution of audio-visual content. One example is an attack on set-top boxes in the United Arab Emirates, during which the attackers replaced regular broadcasts with segments related to the Israeli-Palestinian conflict. The use of TVs and set-top boxes to transmit such content, as well as the potential for using increasingly convincing artificially generated videos for propaganda purposes, poses a serious threat to social order and stability, warn researchers at QiAnXin.

The researchers note that the hacking group responsible for the attack has been operating for eight years and has successfully concealed its connections. It infects users’ devices through three channels: pirated applications for watching movies and TV shows on Android devices, backdoored firmware on Android devices, and backdoored firmware named “SmartUpTool” on devices using the eCos system.

According to the research, the number of active bots in the campaign peaked at around 170,000. Botnet nodes are primarily distributed in Brazil, and QiAnXin has observed over 1.3 million unique IP addresses since August.

The researchers emphasize that the size of the botnet is just the tip of the iceberg, and there is a possibility that it is even larger than the available data suggests. This is due to observational limitations and the fact that TVs and set-top boxes are often not powered on all the time.

QiAnXin encourages the cybersecurity community to share their observations and collaborate to combat the threat posed by the Bigpanzi botnet.

The source of this article is the blog be3.sk