Tag: TV’s | SpinSafe

Vast botnet hijacks smart TVs for prime-time cybercrime • The Register

January 27, 2024/in Internet Security

Updated Security researchers have pinned a DDoS botnet that’s infected potentially millions of smart TVs and set-top boxes to an eight-year-old cybercrime syndicate called Bigpanzi.

At least 170,000 bots were running daily at the campaign’s height after infecting Android-based TVs and other streaming hardware via pirated apps and firmware updates.

A common infection scenario would see a user visit a dodgy streaming site while browsing on their smartphone, only to then be pushed into downloading the associated malicious app to their Android-based smart TV.

A user would then have their device backdoored and its resources made available for use in various cybercrimes, including DDoS attacks and hijacking other streams, replacing other channels’ content with an attacker’s.

Such a case happened in the United Arab Emirates back in December 2023, for example, where regular broadcasts were hijacked with imagery from inside the conflict between Israel and Palestine.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” said researchers at Chinese security biz Qianxin.

The researchers didn’t detail the history of the botnet’s DDoS activity or blame it for any high-profile attacks, but to get a feel for what it’s capable of, its DDoS commands are inherited from the infamous Mirai.

Qianxin’s investigation revealed the malware, called pandoraspear, added 11 different Mirai-related DDoS attack vectors to its list of commands after the first few versions had comparably weaker tools in this area.

As we all know, Mirai was responsible for some of the most high-profile DDoS attacks from yesteryear, including those on Dyn, GitHub, Reddit, and Airbnb – all falling on that one October 2016 day that broke the internet (not in the viral sensation kind). It’s also a malware that just keeps cropping up and is under active development to this day.

In trying to trace the identity of those behind pandoraspear, Qianxin’s researchers eventually narrowed their search down to a single company but…

Source…

‘Pandoraspear’ botnet hijacks smart TVs and boxes

January 24, 2024/in Internet Security

Cybercrime syndicate Bigpanzi stands accused of orchestrating a massive Distributed Denial of Service (DDoS) botnet named ‘Pandoraspear’.

Pandoraspear has reportedly infected potentially millions of smart TVs and set-top boxes, with at least 170,000 bots actively running during the campaign’s peak.

The infection mechanism primarily targets Android-based smart TVs and streaming hardware, exploiting users who visit dubious streaming sites on their smartphones. Upon accessing such sites, users unwittingly download malicious apps to their Android-based smart TVs—allowing cybercriminals to backdoor the devices and use their resources for various cybercrimes.

One alarming case in December 2023 involved the hijacking of regular broadcasts in the United Arab Emirates, where imagery from the conflict between Israel and Palestine replaced the original content. Security researchers from Chinese firm Qianxin have expressed concerns about the potential for these compromised devices to broadcast violent, terroristic, or pornographic content, posing a significant threat to social order.

The botnet, named ‘Pandoraspear,’ has inherited DDoS attack vectors from the infamous Mirai malware. Qianxin’s investigation revealed that the malware added 11 different Mirai-related DDoS attack vectors to its command list, showcasing the evolving nature of cybercrime tactics.

Bigpanzi – active since at least 2015 – has concentrated its efforts primarily in Brazil, particularly in São Paulo. The scale of the botnet became apparent when researchers seized control of two of the nine domains used for the botnet’s command and control infrastructure. However, the criminals responded by launching DDoS attacks to force the domains offline.

Despite the researchers’ efforts, much remains unknown about Bigpanzi, and tracing their activities is an ongoing challenge. The cybercrime syndicate appears to have shifted its DDoS operations to another botnet—indicating a strategic shift towards more lucrative cybercrimes, such as using it as a content delivery network.

As cybersecurity experts continue their investigation into Bigpanzi,…

Source…

‘Bigpanzi’ Botnet Campaign Targets Android TVs, Set-Top Boxes

January 20, 2024/in Internet Security

When asked about smart home devices, cybersecurity experts will generally say to be wary of them, or at least make sure they’re segmented from the home’s main network or on a VLAN. And, when asked about which devices gives them most pause, they will largely agree that smart TVs are the most insecure devices that can appear on a home’s network. Now, a Chinese cybersecurity firm is confirming those suspicions and is sounding the alarm on a large botnet campaign called “Bigpanzi” that is targeting Android OS smart TVs and set-top boxes and has been active since 2015.

QiAnXin, a cybersecurity service and anti-virus software firm says the hackers entice users to install free or cheap audiovisual apps for firmware updates and embed backdoor components to transform those devices into part of the Bigpanzi botnet to carry out further malicious activity, such as traffic proxying, DDoS attacks, OTT content provision and pirating traffic.

Unlike a typical botnet, Bigpanzi’s activities extend far beyond DDoS attacks, using Android TVs and set-top boxes to disseminate visual or audio content.

One example was a network attack on set-top boxes in the United Arab Emirates in which attackers substituted regular broadcasts with footage of the Israel-Palestine conflict, according to QiAnXin.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” company researchers write in a blog.

Researchers say the hacking group, which has successfully hidden themselves for eight years, infects user devices via pirated movie and TV apps on Android devices, backdoored generic OTA firmware on Android devices, and backdoored “SmartUpTool” firmware on eCos devices.

Researchers say the peak daily active bots in the campaign were around 170,000, primarily in Brazil. Nodes are primarily distributed across Brazil, amazing over 1.3 million distinct IPs since August, the company says.

While a botnet of that size is alarming enough,…

Source…

Deals on laptops, TVs and more

September 2, 2022/in Internet Security

Monday is Labor Day, and in addition to spending the unofficial end of summer grilling in the backyard or tanning at the beach, you can shop sales on everything from tech, to mattresses, to furniture. If you’re in the market for a new TV for football Sundays this fall, or for a new eReader or iPad for evenings by the fireplace, now is the time to look.

This Labor Day, popular retailers like Amazon, Best Buy and Target are offering discounts on 4K TVs, laptops and headphones from brands like Apple, Sonos and Google. We’ve rounded up some of the best Labor Day sales and highlighted some standout deals.

Best Labor Day tech deals

Almost all of the following products are discounted for Labor Day weekend and are at their lowest price in at least three months, according to price tracking tools like Honey and CamelCamelCamel. In some cases, we previously recommended these items in our tech coverage at full price.

Apple 10.2” iPad

Fall means curling up on the couch in your comfiest sweater with your tablet. This model, currently 15% off, has a 10.2-inch retina display, offers up to 256GB of storage and has built-in stereo speakers. Its Touch ID ensures authentication and Apple Pay remain secure.

MacBook Pro 14″ Laptop – Apple M1 Pro chip

MacBook Pro 16″ Laptop – Apple M1 Pro chip

If you’re starting a new semester at college or just need a laptop upgrade, both the Macbook Pro Laptop M1 14-inch and 16-inch options are at their lowest price in months. Both models offer 16GB of RAM, a liquid retina XDR display, and an array of ports including Thunderbolt 4, HDMA and MagSafe. Though Apple debuted its first laptops with an M2 chip earlier this summer, the M1 option is available at an excellent price.

MacBook Pro 14" Laptop - Apple M1 Pro chip

MacBook Pro 16" Laptop - Apple M1 Pro chip

Samsung S95B OLED TV (55”)

At $500 off, this 55-inch Samsung 4K TV might be one of the best Labor Day deals of the holiday weekend. Organic LED TVs (OLED) are widely considered the best TVs you can buy today, as we previously reported in our guide to the best smart TVs, due to the picture’s depth of color. With an OLED television, each pixel emits its own light, which means pixels in dark areas can turn themselves off entirely, creating perfect, inky blacks (compared to the slightly greyer blacks…

Source…

Tag Archive for: TV’s

Best Labor Day tech deals