
Cybercriminals are targeting smart TVs and set-top boxes with malware and stitching them into a massive botnet network used to conduct illicit activities, like streaming pirated content and orchestrating distributed denial of service (DDoS) attacks.

Predominantly active in Brazil, the cybercrime group — dubbed “Bigpanzi” — controls a huge botnet with over 170,000 daily active bots, researchers at Qianxin Xlabs said in a report on Monday.

The group targets smart TVs and streaming devices running on eCos OS or the Android Open Source Project operating system, infecting devices using compromised audio-visual apps or firmware updates. Once compromised, devices become part of their vast botnet network.

The threat actors sought to evade Xlabs researchers once they were detected, launching DDoS attacks against the researchers and altering the hosts files on infected devices to hide their tracks.

“Over the past eight years, Bigpanzi has been operating covertly, silently amassing wealth from the shadows,” the researchers said, adding that their “findings represent just the tip of the iceberg in terms of what Bigpanzi encompasses.”

‘A Major Cybercrime Syndicate’

On Thursday, one of the researchers posted a screenshot on X (formerly Twitter) showing that the number of Bigpanzi’s bots had reached 625,000. And it’s “still on the Rise,” he wrote.

Researchers have identified multiple tools used by Bigpanzi, including “pandoraspear,” a backdoor Trojan, and “pcdn,” which builds a streaming media platform and weaponizes devices for DDoS attacks. Pandoraspear’s functionality includes DNS (Domain Name System) hijacking, establishing communication with command-and-control (C2) servers, and executing commands.
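The report describes two host-level symptoms a defender can look for: a tampered hosts file (used to hide the infection) and DNS hijacking. The following audit script is an added example, not code from the Xlabs report or from the malware; it scans hosts-file text and flags any watchlisted hostname (such as a vendor’s update domain) that has been sinkholed to a loopback or unspecified address or redirected to some other address. The watchlist domains and the sample hosts content are constructed placeholders, and the assumption that tampering takes the form of such entries is ours, not something the report states.

```python
"""Hosts-file tamper audit (added example; not from the Xlabs report).

Assumption (ours, not the report's): tampering shows up as entries that
sinkhole or redirect hostnames the device owner would never override
locally, e.g. the vendor's firmware-update domain.
"""
import ipaddress

# Constructed watchlist of hostnames that should never be overridden in
# a set-top box's hosts file.  Placeholders, not domains from the report.
WATCHLIST = {"update.vendor.example", "security-updates.example", "ota.example"}

# Names that legitimately map to loopback on Linux/Android hosts files.
LOOPBACK_OK = {"localhost", "localhost.localdomain",
               "ip6-localhost", "ip6-loopback"}

# Constructed sample, not captured from a real device.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             ip6-localhost
0.0.0.0         security-updates.example      # blocks update checks
203.0.113.45    update.vendor.example         # redirects updates to TEST-NET-3
198.51.100.7    cdn.example
"""


def audit_hosts(text, watchlist=WATCHLIST):
    """Return a list of (line_no, raw_line, reason) findings for hosts text.

    Comments and blank lines are ignored.  Each remaining line is expected
    to be '<ip> <name> [<name> ...]'; anything else is reported as malformed.
    """
    findings = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            findings.append((line_no, raw, "malformed entry"))
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            findings.append((line_no, raw, f"invalid address {parts[0]!r}"))
            continue
        for name in parts[1:]:
            lname = name.lower()
            if lname in LOOPBACK_OK:
                continue                      # normal loopback aliases
            if lname not in watchlist:
                continue                      # only watchlisted names matter
            if ip.is_loopback or ip.is_unspecified:
                # Mapping a real hostname to 127.0.0.1/::1/0.0.0.0 silently
                # blocks it: the classic way to disable update or AV checks.
                findings.append((line_no, raw, f"{name} sinkholed to {ip}"))
            else:
                # Any other address means requests for the name go elsewhere.
                findings.append((line_no, raw, f"{name} redirected to {ip}"))
    return findings


if __name__ == "__main__":
    for line_no, raw, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {line_no}: {reason}\n    {raw}")
```

On a real device the text would come from `/etc/hosts` (or `/system/etc/hosts` on Android), and the watchlist would be populated with the vendor’s actual update and telemetry hostnames; a non-empty result is a prompt to compare the file against a known-good copy, not proof of compromise on its own.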

The researchers noted that cybercriminals can use compromised Android TVs and set-top boxes for various nefarious purposes, including launching DDoS attacks, running an illegal streaming service, and even broadcasting disturbing content to unsuspecting viewers.

“The potential for Bigpanzi-controlled TVs and STBs to broadcast violent, terroristic, or pornographic content, or to employ increasingly convincing AI-generated videos for political propaganda, poses a significant threat to social order and stability,” Xlabs said.

The identity of the threat actors behind Bigpanzi remains unclear. Xlabs’ investigation uncovered a downloader domain and linked it to a YouTube channel with videos on how to operate set-top boxes and smart TVs. They also found a malware-infected eCos system firmware file on the website of FoneStar, a Spanish manufacturer.

How to Protect Your Devices From Malware

We recommend only installing trusted apps and firmware updates on your smart TVs and streaming devices, and keeping them updated. Always verify the legitimacy of the source of an app or update. Ideally, get it from the manufacturer’s website or from recognized app stores.

Besides smart TVs, all internet-connected devices are susceptible to cyber threats. We recommend protecting your devices with a solid antivirus and anti-malware tool, like Malwarebytes. And, scan your devices for malware regularly, even if you don’t notice unusual activity or performance issues.

Additionally, use strong passwords across all your accounts — even your home WiFi network — and encrypt all your internet traffic using a top-rated Android TV VPN service, like NordVPN.

