That smart TV in your office could be infecting your whole business with malware

How to connect a phone to your TV
Image credit: iStock (Image credit: iStock)

New research has claimed a known malware variant that primarily targets smart TVs is hitting enterprises around the world.

A report from WatchGuard Technologies claims detections of Pandoraspear malware are on the rise, pushed via free streaming sites, which the victims were visiting via their smartphones. 

Once the site is loaded on the TV, the device gets infected with Pandoraspear, which assimilates it into the botnet.

DDoS and more

News of Pandoraspear first started popping up in January 2024, when researchers revealed a cybercriminal group called Bigpanzi was developing the Pandoraspear botnet.

Bigpanzi, thought to hae been active since 2015, is most likely a Latin American criminal organization, as the majority of the victims are located in Sao Paulo, Brazil.

The network of compromised devices is then used for Distributed Denial of Service (DDoS) attacks, and at one point it counted more than 170,000 endpoints. Given that not all endpoints are active at the same time, the botnet is expected to be much larger, with some researchers claiming to have seen 1.3 million unique IP addresses since August 2023.

IoTNews also reported that Pandoraspear was also once used in the United Arab Emirates to display images of conflict between Israel and Hamas instead of whatever the people were watching at the time. The malware apparently inherited its DDoS attack vectors from Mirai, an infamous and now defunct botnet. 

"Over the past eight years, Bigpanzi has been operating covertly, silently amassing wealth from the shadows," researchers from Xlabs said in a report in January. "With the progression of their operations, there has been a significant proliferation of samples, domain names, and IP addresses."

"In the face of such a large and intricate network, our findings represent just the tip of the iceberg in terms of what Bigpanzi encompasses."

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.