Giant Android botnet compromises thousands of Internet TV users

Human Security cybersecurity specialists have revealed the discovery of a massive botnet made up of compromised Android devices. This malicious operation, identified as Pareto, is reported to conduct advertising fraud against paid connected television (CTV) services and so far consists of about one million infected devices.

As you will recall, the term botnet refers to a network of computer systems compromised by a specific malware variant, which runs autonomously and automatically while remaining under the remote control of the attack operators.

Experts say the attackers have used dozens of mobile apps to spoof over 6,000 CTV apps, generating around 650 million ad requests per day. This botnet was first identified in 2020, and since then companies such as Google and Roku have tried to curb its progress, although the operators have still managed to grow it inordinately.

A characteristic feature of this botnet is that it works by spoofing signals from within malicious Android mobile apps, so that the apps appear to be consumer TV streaming products running Roku OS, Fire OS, tvOS or other CTV platforms.
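The spoofing described above relies on a mobile device claiming to be a CTV platform. One defensive check an ad-platform or SSP analyst can run is to compare the platform a request claims against the other signals it carries. The following is an added illustrative example, not code from Human Security or from the article: it parses constructed key=value ad-request log lines (hypothetical field names `ua`, `bundle` and `claimed_os`, sample values invented for this example) and flags requests whose claimed CTV platform conflicts with a mobile user agent, as well as source IPs that claim several different CTV platforms.

```python
"""Heuristic detection of spoofed CTV ad requests (added illustrative example).

The log format, field names and sample traffic below are constructed for this
example; real ad-request logs will differ and the heuristics should be tuned.
"""
import re
from collections import defaultdict

# Platforms the Pareto-style spoofing impersonates (hypothetical label values).
CTV_PLATFORMS = {"RokuOS", "FireOS", "tvOS"}
# User-agent fragments that reveal a mobile runtime rather than a TV device.
MOBILE_UA_MARKERS = ("Dalvik", "Android", "iPhone")

# Constructed sample ad-request log lines (not real traffic).
SAMPLE_LOG = """\
ts=1 ip=10.0.0.5 ua="Roku/DVP-9.10 (519.10E04111A)" bundle=com.example.tvapp claimed_os=RokuOS
ts=2 ip=10.0.0.7 ua="Dalvik/2.1.0 (Linux; U; Android 9; SM-A105F Build/PPR1)" bundle=com.example.tvapp claimed_os=RokuOS
ts=3 ip=10.0.0.7 ua="Dalvik/2.1.0 (Linux; U; Android 9; SM-A105F Build/PPR1)" bundle=com.example.firetv claimed_os=FireOS
ts=4 ip=10.0.0.9 ua="AppleTV11,1/14.0" bundle=com.example.tvapp claimed_os=tvOS
ts=5 ip=10.0.0.7 ua="Dalvik/2.1.0 (Linux; U; Android 9; SM-A105F Build/PPR1)" bundle=com.example.tvapp claimed_os=tvOS
"""

# key=value pairs; values may be double-quoted to allow spaces.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Parse one key=value log line into a dict, stripping surrounding quotes."""
    return {key: value.strip('"') for key, value in FIELD_RE.findall(line)}


def is_platform_mismatch(record):
    """True when the request claims a CTV platform but its user agent shows a mobile OS."""
    claimed = record.get("claimed_os", "")
    user_agent = record.get("ua", "")
    return claimed in CTV_PLATFORMS and any(m in user_agent for m in MOBILE_UA_MARKERS)


def analyze(log_text):
    """Return request timestamps with platform mismatches and IPs claiming multiple platforms.

    A single source IP presenting itself as several different CTV platforms is a
    second indicator of spoofed traffic, independent of the user-agent check.
    """
    records = [parse_line(line) for line in log_text.splitlines() if line.strip()]
    mismatched_ts = [r["ts"] for r in records if is_platform_mismatch(r)]

    platforms_by_ip = defaultdict(set)
    for r in records:
        platforms_by_ip[r["ip"]].add(r["claimed_os"])
    multi_platform_ips = sorted(ip for ip, plats in platforms_by_ip.items() if len(plats) > 1)

    return {"mismatched_ts": mismatched_ts, "multi_platform_ips": multi_platform_ips}


if __name__ == "__main__":
    result = analyze(SAMPLE_LOG)
    print("Requests with platform/user-agent mismatch:", result["mismatched_ts"])
    print("IPs claiming multiple CTV platforms:", result["multi_platform_ips"])
```

On the constructed sample, requests 2, 3 and 5 are flagged because an Android (Dalvik) user agent claims a TV platform, and 10.0.0.7 is flagged for presenting as Roku OS, Fire OS and tvOS in turn. In production these signals would be combined with volume and timing features rather than used alone, since a single mismatch can also come from misconfigured SDKs.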

The report notes that this botnet exploits the shift to digital services that the pandemic brought forward earlier than expected: “This approach can be particularly lucrative for threat actors, as the average price of ads on CTV platforms is much higher than ads on websites or mobile applications,” the experts add.

In addition, the Pareto operators have shown great sophistication in their mode of operation, continuously rotating their spoofing cycles to generate new false traffic indicators.

As if that weren’t enough, the experts also found a collection of at least 35 apps available in the Roku Channel Store that receive instructions from the same server that operates Pareto: “This C&C server sends instructions to all compromised Android devices; similarly, Roku apps connected to Pareto counterfeit CTV products to increase the scope of the attack,” the report concludes.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.