HUMAN is Named a Leader and Earns Top Scores in Nine Criteria in the Forrester Wave™: Bot Management Software, Q3 2024

UNPACKING BADBOX

A Satori Team Investigation and Disruption

HUMAN’s Satori Threat Intelligence and Research team announced the disruption of the PEACHPIT ad fraud botnet and their research into the larger BADBOX fraud empire. Let's unpack what we discovered.

Unpacking_BadBox

WHAT IS BADBOX?

BadBox
BADBOX is a complex threat actor scheme that begins with malware deployed on physical off-brand Android devices (TVs, cellphones, tablets) along the supply chain process in China.
Triada
TRIADA is the malware of choice used to get BADBOX into these off-brand devices.
PeachBox

Our team’s investigation of the PEACHPIT ad fraud botnet led us to discover a connection with BADBOX. HUMAN’s Satori Threat Intelligence and Research Team observed more than 74,000 Android-based mobile phones, tablets, and CTV boxes showing signs of infection.

WHAT IS PEACHPIT?

What_is_peachbox

200,000
unique devices

PEACHPIT is an ad fraud branch that comes from the root of the BADBOX tree.

The PEACHPIT botnet’s conglomerate of associated apps were found in 227 countries and territories, with an estimated peak of 121,000 devices a day on Android and 159,000 devices a day on iOS.

The collection of 39 Android, iOS, and CTV-centric apps impacted by the scheme were installed more than 15 million times before the apps were taken down.

Who is Impacted?

BADBOX_affects_consumers

BADBOX affects consumers from both the public and private sector.

If left unchecked, the PEACHPIT ad fraud linked to BADBOX would continue to expand.
Unchecked_the_PEACHBOX

HUMAN’S_visibility

HUMAN's visibility allowed us to identify more than 200 potentially impacted device types.

Of the devices HUMAN acquired from online retailers, 80% were infected with BADBOX.

How HUMAN is
Disrupting PEACHPIT

PEACHPIT Volume Over Time

Human PEACHBOX Graph

Our process involves checking for adapted and recurring threats.

Our visibility and extensive data resources led us to uncover the PEACHPIT ad fraud botnet,  and subsequently the BADBOX operation.

Once identified, we worked with industry partners to disrupt the PEACHPIT threat in realprotect our partners and their customers. This is the result of modern defense at work.

HUMAN applies modern
defense to make these
operations more expensive
for fraudsters.

Together, we can disrupt the economics of cybercrime.

Be the first to see our next takedown.

Don’t fight fraud alone.

Reach out to our expert Humans to learn more about threats to the programmatic
ecosystem and how we can stop them together.

Related Resources