‘Pandoraspear’ botnet hijacks smart TVs and boxes

Ryan Daws is a senior editor at TechForge Media, with a seasoned background spanning over a decade in tech journalism. His expertise lies in identifying the latest technological trends, dissecting complex topics, and weaving compelling narratives around the most cutting-edge developments. His articles and interviews with leading industry figures have gained him recognition as a key influencer by organisations such as Onalytica. Publications under his stewardship have since gained recognition from leading analyst houses like Forrester for their performance. Find him on X (@gadget_ry) or Mastodon (@gadgetry@techhub.social)

Cybercrime syndicate Bigpanzi stands accused of orchestrating a massive Distributed Denial of Service (DDoS) botnet named ‘Pandoraspear’.

Pandoraspear has reportedly infected potentially millions of smart TVs and set-top boxes, with at least 170,000 bots actively running during the campaign’s peak.

The infection mechanism primarily targets Android-based smart TVs and streaming hardware, exploiting users who visit dubious streaming sites on their smartphones. Upon accessing such sites, users unwittingly download malicious apps to their Android-based smart TVs—allowing cybercriminals to backdoor the devices and use their resources for various cybercrimes.

One alarming case in December 2023 involved the hijacking of regular broadcasts in the United Arab Emirates, where imagery from the conflict between Israel and Palestine replaced the original content. Security researchers from Chinese firm Qianxin have expressed concerns about the potential for these compromised devices to broadcast violent, terroristic, or pornographic content, posing a significant threat to social order.

Pandoraspear has inherited DDoS attack vectors from the infamous Mirai malware. Qianxin’s investigation revealed that the malware added 11 different Mirai-related DDoS attack vectors to its command list, showcasing the evolving nature of cybercrime tactics.

Bigpanzi – active since at least 2015 – has concentrated its efforts primarily in Brazil, particularly in São Paulo. The scale of the botnet became apparent when researchers seized control of two of the nine domains used for the botnet’s command and control infrastructure. However, the criminals responded by launching DDoS attacks to force the domains offline.

Despite the researchers’ efforts, much remains unknown about Bigpanzi, and tracing their activities is an ongoing challenge. The cybercrime syndicate appears to have shifted its DDoS operations to another botnet—indicating a strategic shift towards more lucrative cybercrimes, such as using it as a content delivery network.

As cybersecurity experts continue their investigation into Bigpanzi, collaboration within the cybersecurity community is encouraged to combat this evolving threat.
