Attack of the PEACHPIT: Unearthing the Android & iOS Ad Fraud Botnet
- PEACHPIT, an ad fraud botnet, used hundreds of thousands of Android and iOS devices to generate illegal profits
- It is part of a broader China-based operation dubbed BADBOX
- BADBOX also involves selling backdoored mobile and connected TV (CTV) devices on reputable online retail and resale websites
Bad Apples in the PEACHPIT: The Botnet Scheme
Just like a rotted peach, the fraudulent ad scheme dubbed PEACHPIT has its infectious pits reaching inside the guts of Android and iOS devices, leveraging hundreds of thousands of them. But to whom does the sinful fruit of deceit fall? Into the pocket of the threat actors orchestrating this wicked play, filling it with illicit profits as plentiful as seeds in a pomegranate.
The BADBOX, or should I say, “The Baddest Box”?
We knew this plot was getting pulpy when PEACHPIT was found nestled under the shady tree of a wider China-based operation, BADBOX. But this operation isn’t just interested in harvesting rotten fruit—it also involves hawking backdoored off-brand mobile and CTV devices on popular online marketplaces and resale sites. This isn’t like slipping on your comfy old shoes; it’s like accidentally slipping on a pair with a thumbtack hidden inside.
In the grand orchard of tech, PEACHPIT stands out as the gnarled, rotten fruit on a limb. Its operation has seen hundreds of thousands of Android and iOS devices become unwilling participants in an ad fraud scheme, generating illegal profits for a cadre of invisible puppet masters. This botnet is just a single sour fruit amidst a host of others discovered growing in the wider, China-based BADBOX operation. Here, unsanctioned sales of backdoored mobile and CTV devices on popular online marketplaces join the mix, demonstrating how deep the roots of this digital deception go. In short, be wary of buying fruit—or a phone—from a stranger.
Original Article: https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html