Unraveling PEACHPIT: Exposing the Massive Ad Fraud Botnet on Android & iOS Devices

Attack of the PEACHPIT: Unearthing the Android & iOS Ad Fraud Botnet

Main points

  • PEACHPIT, an ad fraud botnet, used hundreds of thousands of Android and iOS devices to generate illegal profits
  • It is part of a broader China-based operation dubbed BADBOX
  • BADBOX also involves selling backdoored mobile and connected TV (CTV) devices on reputable online retail and resale websites

Bad Apples in the PEACHPIT: The Botnet Scheme

Just like a rotted peach, the fraudulent ad scheme dubbed PEACHPIT has its infectious pits reaching inside the guts of Android and iOS devices, leveraging hundreds of thousands of them. But to whom does the sinful fruit of deceit fall? Into the pocket of the threat actors orchestrating this wicked play, filling it with illicit profits as plentiful as seeds in a pomegranate.

The BADBOX, or should I say, “The Baddest Box”?

We knew this plot was getting pulpy when PEACHPIT was found nestled under the shady tree of a wider China-based operation, BADBOX. But this operation isn’t just interested in harvesting rotten fruit—it also involves hawking backdoored off-brand mobile and CTV devices on popular online marketplaces and resale sites. This isn’t like slipping on your comfy old shoes, it’s like accidentally slipping on a pair with a thumbtack hidden inside.

Summary

In the grand orchard of tech, PEACHPIT stands out as the gnarled, rotten fruit on a limb. Its operation has seen hundreds of thousands of Android and iOS devices become unwilling participants in an ad fraud scheme, generating illegal profits for a cadre of invisible puppet masters. This botnet is just a single sour fruit amidst a host of others discovered growing in the wider, China-based BADBOX operation. Here, unsanctioned sales of backdoored mobile and CTV devices on popular online marketplaces join the mix, demonstrating how deep the roots of this digital deception go. In short, be wary of buying fruit—or a phone—from a stranger.

Original Article: https://thehackernews.com/2023/10/peachpit-massive-ad-fraud-botnet.html

