Thursday September 19, 2024

Advisory ID: NCC-CSIRT-101023-037

Summary: The PEACHPIT Ad Fraud Botnet is part of a larger operation called BADBOX, which involves the sale of off-brand mobile and connected TV (CTV) devices on popular online marketplaces and resale sites. These devices are tainted with Android malware called Triada.

The threat also allows the operators to create messaging accounts on platforms such as WhatsApp by stealing one-time passwords from the compromised devices. Additionally, it enables them to create Gmail accounts that appear legitimate and evade bot detection.

Threat Type(s): Malware

Impact/Vulnerability: HIGH/CRITICAL

Product(s): Android and iOS device types, including mobile phones, tablets, and CTV products.

Platform(s): Android and iOS Operating Systems

Version(s): All Versions

Description: The PEACHPIT botnet's network of associated apps was found in 227 countries and territories, peaking at 121,000 Android devices and 159,000 iOS devices per day. Infections spread through 39 apps that were downloaded more than 15 million times.

The distinguishing feature of this ad fraud is its use of counterfeit apps available on major app marketplaces such as the Apple App Store and Google Play Store, as well as apps automatically downloaded onto compromised BADBOX devices. These apps contain a module that creates hidden WebViews, which are then used to request, render, and click on ads while disguising the ad requests as originating from legitimate apps.
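As an added illustration that is not part of the original advisory, the following Python sketches a server-side check for the two behaviours described above: a single device presenting its ad requests as coming from many different apps, and clicks landing on ads faster than a person could react to a hidden WebView. The event fields, thresholds and sample data are assumptions constructed for this example.

```python
import statistics
from collections import defaultdict

# Constructed sample of ad-server events (not real data). Fields: ts (seconds),
# device, app (bundle id the request claims to come from), event, ad.
SAMPLE_EVENTS = [
    # dev-A: one claimed app, human-like delay between render and click
    {"ts": 100.0, "device": "dev-A", "app": "com.example.weather", "event": "render", "ad": "ad1"},
    {"ts": 104.3, "device": "dev-A", "app": "com.example.weather", "event": "click", "ad": "ad1"},
    {"ts": 160.0, "device": "dev-A", "app": "com.example.weather", "event": "render", "ad": "ad2"},
    # dev-B: rotates through many claimed apps and clicks ~0.2 s after every render
    {"ts": 100.0, "device": "dev-B", "app": "com.example.weather", "event": "render", "ad": "ad3"},
    {"ts": 100.2, "device": "dev-B", "app": "com.example.weather", "event": "click", "ad": "ad3"},
    {"ts": 101.0, "device": "dev-B", "app": "com.example.news", "event": "render", "ad": "ad4"},
    {"ts": 101.2, "device": "dev-B", "app": "com.example.news", "event": "click", "ad": "ad4"},
    {"ts": 102.0, "device": "dev-B", "app": "com.example.games", "event": "render", "ad": "ad5"},
    {"ts": 102.2, "device": "dev-B", "app": "com.example.games", "event": "click", "ad": "ad5"},
    {"ts": 103.0, "device": "dev-B", "app": "com.example.flashlight", "event": "render", "ad": "ad6"},
    {"ts": 103.2, "device": "dev-B", "app": "com.example.flashlight", "event": "click", "ad": "ad6"},
]

def score_devices(events, max_apps=3, min_click_delay=1.0, min_clicks=3):
    """Return {device: [reasons]} for devices whose traffic matches the pattern
    in the advisory: one device claiming to be many different apps, and clicks
    arriving faster than a human could see the ad. The thresholds are
    assumptions chosen for this illustration, not values from the advisory."""
    apps = defaultdict(set)          # device -> set of claimed bundle ids
    renders = {}                     # (device, ad) -> render timestamp
    delays = defaultdict(list)       # device -> render-to-click delays
    for e in sorted(events, key=lambda e: e["ts"]):
        key = (e["device"], e["ad"])
        apps[e["device"]].add(e["app"])
        if e["event"] == "render":
            renders[key] = e["ts"]
        elif e["event"] == "click" and key in renders:
            delays[e["device"]].append(e["ts"] - renders[key])
    flagged = {}
    for dev, claimed in apps.items():
        reasons = []
        if len(claimed) > max_apps:
            reasons.append(f"claims {len(claimed)} distinct apps")
        d = delays.get(dev, [])
        if len(d) >= min_clicks and statistics.median(d) < min_click_delay:
            reasons.append(f"median render-to-click {statistics.median(d):.2f}s")
        if reasons:
            flagged[dev] = reasons
    return flagged
```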

Consequences: The malware-infected devices enabled the operators to steal sensitive data, establish residential proxy exit peers, and carry out ad fraud through fraudulent apps.

Solution: 

  • Do not click on ads, especially those that include typos, unfamiliar brand names, or offer services that sound too good to be true.
  • If you cannot find any information on the company behind a device you are buying, avoid it.
  • When buying devices online, you will find a never-ending stream of good deals. When one of those deals appeals to you, the first thing to do is research the device's brand name.
  • If you find information from a reliable source indicating that the brand is both legitimate and trustworthy, you can continue considering the purchase. Otherwise, do not even bother putting that item in your shopping cart.

References:

https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html
https://www.purevpn.com/blog/news/beware-of-devices-with-an-ad-fraud-botnet-named-peachpit/
https://www.zdnet.com/article/newly-discovered-android-malware-has-infected-thousands-of-devices/