Tens of thousands of Android devices have been shipped with backdoored firmware, allowing threat actors to carry out ad-fraud schemes and other malicious activities. The firmware compromise was part of a global cybercriminal operation called BadBox, in which the Triada malware was injected into the devices. The infected devices were found in public school networks in the United States and were traced back to a Chinese manufacturer. The malware, discovered in 2016, is a modular trojan that resides in a device’s RAM and uses root privileges to substitute system files. The BadBox operation not only carried out ad-fraud schemes but also involved the sale of access to victims’ networks and the remote installation of new apps or code without the device owners’ permission. Users are advised to choose familiar brands when purchasing new products to avoid purchasing infected devices.
| Signal | Change | 10y horizon | Driving force |
|---|---|---|---|
| Android devices shipped with backdoored firmware | The compromise of supply chain security in Android devices | Enhanced security measures to prevent supply chain compromise | Cybersecurity and privacy concerns |