The cyber research group Qianxin from Beijing has exposed the Cybercrowning network known as “Bigpanzi.” This network specializes in infecting malicious devices that run on Android TV and Ecos platforms. Operating since 2015, this group has infected devices across a wide geographical area.
Experts have discovered that Bigpanzi controls a massive botnet network with approximately 170,000 bots active on a daily basis. Since August, more than 1.3 million unique IP addresses have been identified, primarily in Brazil.
Attackers gain access to devices by tricking users into installing fake firmware updates or applications, as reported by “Doctor Web” in September.
Bigpanzi exploits infected devices for various illegal activities, such as running media stand-up platforms, operating proxy traffic networks, launching distributed denial-of-service (DDoS) attacks, and providing content through over-the-top (OTT) services.
The Qianxin report highlights two malicious software tools used by Bigpanzi: “Pandoraspear” and “PCDN.” For instance, “Pandoraspear” functions as a Trojan-Backdoor by intercepting device settings.
Additionally, this group utilizes “PCDN,” a system that enables users to search for resources on the internet using memorable domain names instead of complex numerical IP addresses.