{"id":54034,"date":"2023-10-09T01:27:10","date_gmt":"2023-10-09T01:27:10","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/"},"modified":"2023-10-09T01:27:10","modified_gmt":"2023-10-09T01:27:10","slug":"chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/","title":{"rendered":"Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign"},"content":{"rendered":"<p><span class=\"label\">Infosec in brief<\/span> Bot defense software vendor Human Security last week <a target=\"_blank\" href=\"https:\/\/www.humansecurity.com\/learn\/blog\/badbox-peachpit-and-the-fraudulent-device-in-your-delivery-box\" rel=\"noopener\">detailed<\/a> an attack that &#8220;sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites \u2026 preloaded with a known malware called Triada.&#8221;<\/p>\n<p>Human named the campaign to infect and distribute the Android devices BADBOX. The infected devices were sold for under $50. Human&#8217;s researchers found over 200 models with pre-installed malware, and when it went shopping for seven particular devices found that 80 percent of units were infected with BADBOX.<\/p>\n<p>Analysis of infected devices yielded intel on an ad fraud module Human&#8217;s researchers named PEACHPIT. At its peak, PEACHPIT ran on a botnet spanning 121,000 devices a day on Android. 
The attackers also created malicious iOS apps, which ran on 159,000 Apple devices a day at the peak of the PEACHPIT campaign.<\/p>\n<p>Those infected devices delivered over four billion ads a day \u2013 all invisible to users.<\/p>\n<p>Human Security&#8217;s <a target=\"_blank\" href=\"https:\/\/www.humansecurity.com\/hubfs\/HUMAN_Report_BADBOX-and-PEACHPIT.pdf\" rel=\"noopener\">technical report<\/a> [PDF] on BADBOX and PEACHPIT describes the campaign: &#8220;A Chinese manufacturer (possibly many manufacturers) builds a wide variety of Android-based devices, including phones, tablets, and CTV boxes.<\/p>\n<p>&#8220;At some point between the manufacturing of these products and their delivery to resellers, physical retail stores and e-commerce warehouses, a firmware backdoor \u2026 gets installed and the product boxes are sealed in plastic, priming these devices for fraud on arrival at their destination.&#8221;<\/p>\n<p>Human Security worked with Apple and Google to disrupt PEACHPIT, but warned BADBOX devices remain plentiful.<\/p>\n<p>&#8220;Anyone can accidentally buy a BADBOX device online without ever knowing it was fake, plug it in, and unknowingly open this backdoor malware,&#8221; wrote Human Security&#8217;s Rosemary Cipriano. 
&#8220;This malware can be used to steal PII, run hidden bots, create residential proxy exit peers, steal cookies and one-time passwords, and more unique fraud schemes.&#8221;<\/p>\n<p> <em>\u2013 Simon Sharwood<\/em>\n<\/p>\n<p>It&#8217;s been four months since mass exploitation of vulnerabilities in Progress Software&#8217;s MOVEit file transfer software was publicly announced, and only a little more recently that the Clop ransomware gang added Sony to its list of victims.<\/p>\n<p>In early October Sony admitted it was a victim. 
In a breach notification <a href=\"https:\/\/apps.web.maine.gov\/online\/aeviewer\/ME\/40\/8b595be6-d1d7-47df-84d5-05738edd84f9.shtml\" rel=\"nofollow\">filed<\/a> with the US state of Maine, Sony admitted that 6,791 of its US employees had their data exposed due to a flaw in MOVEit, which was <a href=\"https:\/\/www.theregister.com\/2023\/06\/01\/moveit_transfer_zero_day\/\">vulnerable<\/a> to an SQL injection attack allowing hackers to elevate their privileges and gain unauthorized access to target environments.<\/p>\n<p>As of late July, more than 400 organizations and 20 million individuals had fallen prey to the MOVEit vulnerability \u2013 including high-profile customers like Sony, energy provider Shell and the US Department of Energy.<\/p>\n<p>According to the breach letter sent to Sony employees and their family members, Sony Interactive Entertainment \u2013 the subsidiary dealing with video games and consoles like the PlayStation \u2013 had its MOVEit environment compromised as early as May 28, just a few days before Progress announced the vulnerability. It took Sony until June 2 to discover it had been affected, at which time it immediately took its MOVEit system offline in response.<\/p>\n<p>Sony redacted the exposed information in its sample form letter filed with the state of Maine, so it&#8217;s not immediately clear what personal information was exposed. 
Maine&#8217;s website only says that names &#8220;or other personal identifier[s]&#8221; were stolen in combination with social security numbers.<\/p>\n<p>Why Sony waited so long to publicly acknowledge the breach is unclear, though it&#8217;s worth noting this isn&#8217;t the only breach that Sony is dealing with right now.<\/p>\n<p>Ransomed.vc, which has been targeting Japanese companies of late, <a href=\"https:\/\/www.theregister.com\/2023\/10\/01\/in_brief_infosec\/\">claimed<\/a> it hacked Sony and stole 3.14GB of data from its servers \u2013 though that claim has been contested by other hackers. Sony has since <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/sony-confirms-data-breach-impacting-thousands-in-the-us\/\" rel=\"nofollow\">confirmed<\/a> the Ransomed.vc breach, meaning that Sony&#8217;s security perimeter has been busted twice in the last four months.<\/p>\n<p>As we also reported this week, <a href=\"https:\/\/www.theregister.com\/2023\/10\/02\/ws_ftp_update\/\">mass exploitation<\/a> of a vulnerability in another piece of Progress software, WS_FTP, has reportedly begun, so expect more high-profile breaches to come.<\/p>\n<div class=\"boxout\" readability=\"16.917293233083\">\n<h3 class=\"crosshead\">Critical vulnerabilities: CURL up and die edition<\/h3>\n<p>CURL \u2013 the command line URL fetching tool used by <a href=\"https:\/\/www.theregister.com\/2023\/03\/21\/curl_project_25\/#:~:text=Any%20developer%20who%20is%20serious,it%20internally%20for%20data%20transfer.\">billions of devices<\/a> to fetch web content \u2013 contains a vulnerability so serious that its developer Daniel Stenberg has seen fit to cut the release cycle short to release a <a href=\"https:\/\/github.com\/curl\/curl\/discussions\/12026\" rel=\"nofollow\">critical patch<\/a> on October 11.<\/p>\n<p>Stenberg didn&#8217;t go into details, saying that if he did it &#8220;would help identify the problem area with a very high accuracy.&#8221; Stenberg only said that 
the last several years of releases are affected. Two CVEs are included \u2013 both affecting libcurl, and only the higher-severity one affecting the CURL tool itself.<\/p>\n<p>In other vulnerability news:<\/p>\n<ul>\n<li>CVSS 10.0 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-278-02\" rel=\"nofollow\">CVE-2023-2306<\/a>: Qognify NiceVision IP surveillance camera software versions 3.1 and earlier contain hard-coded credentials.<\/li>\n<li>CVSS 9.8 \u2013 <a href=\"https:\/\/www.cisa.gov\/news-events\/ics-advisories\/icsa-23-278-01\" rel=\"nofollow\">multiple CVEs<\/a>: Various models of Hitachi Energy switches, firewalls and routers contain a bundle of vulnerabilities that can be exploited to have &#8220;a high impact&#8221; on availability, integrity and confidentiality of devices.<\/li>\n<li><a href=\"https:\/\/lists.x.org\/archives\/xorg\/2023-October\/061506.html\" rel=\"nofollow\">Multiple CVEs<\/a>: X.org has patched five vulnerabilities in the libX11 and libXpm libraries addressing an out-of-bounds memory access bug and other vulnerabilities \u2013 be sure to patch.<\/li>\n<\/ul>\n<\/div>\n<h3 class=\"crosshead\">2020 Blackbaud ransomware attack still paying dividends for regulators<\/h3>\n<p>Cast your mind back to 2020, and you may recall hearing about software firm Blackbaud being caught covering up a ransomware attack by <a href=\"https:\/\/www.theregister.com\/2020\/08\/03\/blackbaud_glosses_over_ransomware_payoff\/\">paying off the perps<\/a> and trying to brush the incident under the rug.<\/p>\n<p>As you can guess from the fact that we&#8217;re talking about it, that didn&#8217;t work. 
Blackbaud, which builds software for nonprofits and donor management, forked over <a href=\"https:\/\/www.theregister.com\/2023\/03\/10\/sec_blackbaud_3m_penalty\/\">$3 million to the SEC<\/a> in March 2023 for not admitting the incident and, once admitting it, not acknowledging that a whole bundle of PII was stolen from 13,000 clients as a result.<\/p>\n<p>Now, attorneys general from all 50 US states have <a href=\"https:\/\/www.njoag.gov\/ag-platkin-announces-49-5-million-multistate-settlement-with-blackbaud-to-resolve-2020-data-breach\/\" rel=\"nofollow\">secured<\/a> another settlement over Blackbaud&#8217;s &#8220;deficient data security practices and inadequate response&#8221; to the incident. The total? Forty-nine and a half million dollars, split between the states.<\/p>\n<p>&#8220;Firms that sell software as a service have an obligation to safeguard it at the highest level and must be immediately forthcoming and proactive if a cyber theft does occur,&#8221; New Jersey attorney general Matthew Platkin said of the settlement.<\/p>\n<h3 class=\"crosshead\">Qakbot is back from the dead \u2013 sort of<\/h3>\n<p>The venerable Qakbot malware operation appears to be alive and well despite an <a href=\"https:\/\/www.theregister.com\/2023\/08\/29\/duck_hunt_qakbot\/\">international takedown<\/a> of the botnet and malware loader in late August.<\/p>\n<p>Qakbot was first detected in 2007, and since then its operators \u2013 believed to be Russian \u2013 have proven to be very good at <a href=\"https:\/\/www.theregister.com\/2023\/06\/05\/qbot_malware_adaptations\/\">adapting<\/a> to circumstances.<\/p>\n<p>Case in point: a <a href=\"https:\/\/blog.talosintelligence.com\/qakbot-affiliated-actors-distribute-ransom\/\" rel=\"nofollow\">discovery<\/a> by security researchers from Talos, who have assessed &#8220;with moderate confidence&#8221; that a Cyclops\/Ransom Knight ransomware campaign that began shortly before the August Qakbot takedown is being run by the same 
people.<\/p>\n<p>&#8220;We believe the FBI operation didn&#8217;t affect Qakbot&#8217;s phishing email delivery infrastructure but only its command and control servers,&#8221; Talos said of its findings. Despite the Qakbot operators persisting, the Qakbot malware doesn&#8217;t appear to have fared as well.<\/p>\n<p>&#8220;We have not seen the threat actors distributing Qakbot post-infrastructure takedown,&#8221; Talos said. &#8220;Given the operators remain active, they may choose to rebuild Qakbot infrastructure to fully resume their pre-takedown activity.&#8221;<\/p>\n<p>Well, thanks for trying, FBI and international law enforcement partners.<\/p>\n<h3 class=\"crosshead\">Customer genetic data stolen in 23andMe attack<\/h3>\n<p>Genetics firm 23andMe has <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/genetics-firm-23andme-says-user-data-stolen-in-credential-stuffing-attack\/\" rel=\"nofollow\">admitted<\/a> it was hit by a credential stuffing attack leading to the theft of PII that includes genetic ancestry results.<\/p>\n<p>The leakers initially released one million lines of information pertaining to people with Ashkenazi heritage, but have since begun offering to sell bulk account data for a few dollars a pop, and they claim to have data on over <a href=\"https:\/\/cyberscoop.com\/23andme-user-data-theft\/?utm_content=266994582&amp;utm_medium=social&amp;utm_source=twitter&amp;hss_channel=tw-720664083767435264\" rel=\"nofollow\">13 million<\/a> 23andMe customers.<\/p>\n<p>The number of accounts on sale doesn&#8217;t reflect the actual number of people who had genetic information stolen \u2013 many of the compromised accounts had reportedly opted into a DNA comparison feature that let attackers scrape genetic data belonging to people other than the account holder.<\/p>\n<p>This being a credential stuffing attack, those who had their accounts breached were using the same usernames and passwords on other sites that had been breached. 
That is to say, 23andMe itself wasn&#8217;t hacked \u2013 its users had their usernames and passwords found out from other sites, and these credentials were then used to access their 23andMe accounts due to the login details being the same. This is why it&#8217;s important to use unique passwords per site or account.<\/p>\n<p>23andMe offers two-factor authentication, but those affected by the breach probably weren&#8217;t using it. There&#8217;s your lesson. \u00ae<\/p>\n<p> READ MORE <a href=\"https:\/\/go.theregister.com\/feed\/www.theregister.com\/2023\/10\/09\/in_brief_security\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>PLUS: Sony admits to MoveITbreach; Blackbaud fined again, Qakbot&#8217;s sorta back from the dead; and more Infosec in brief\u00a0 Bot defense software vendor Human Security last week detailed an attack that &#8220;sold off-brand mobile and Connected TV (CTV) devices on popular online retailers and resale sites \u2026 preloaded with a known malware called Triada.&#8221;\u2026 READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[63],"tags":[],"class_list":["post-54034","post","type-post","status-publish","format-standard","hentry","category-the-register"],"yoast_head_json":{"title":"Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/","og_locale":"en_US","og_type":"article","og_title":"Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2023-10-09T01:27:10+00:00","og_image":[{"url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSNooy7VQU9X3-c3OXb9hAAAAMw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign","datePublished":"2023-10-09T01:27:10+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/"},"wordCount":1418,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSNooy7VQU9X3-c3OXb9hAAAAMw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","articleSection":["The Register"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/","url":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/","name":"Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#primaryimage"},"thumbnailUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSNooy7VQU9X3-c3OXb9hAAAAMw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","datePublished":"2023-10-09T01:27:10+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#primaryimage","url":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSNooy7VQU9X3-c3OXb9hAAAAMw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0","contentUrl":"https:\/\/pubads.g.doubleclick.net\/gampad\/ad?co=1&amp;iu=\/6978\/reg_security\/front&amp;sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&amp;tile=2&amp;c=2ZSNooy7VQU9X3-c3OXb9hAAAAMw&amp;t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0"},{"@type":"BreadcrumbList","@i
d":"https:\/\/www.threatshub.org\/blog\/chinese-smart-tv-boxes-infected-with-malware-in-peachpit-ad-fraud-campaign\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Chinese smart TV boxes infected with malware in PEACHPIT ad fraud campaign"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54034","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=54034"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/54034\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=54034"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=54034"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=54034"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}