GEOBOX: Raspberry Pi Transforms Into A Tool For Fraud And Anonymization

Mar 27, 2024 | News





Cybercriminals have escalated their tactics, repurposing innocuous devices like Raspberry Pi into potent, ‘plug-and-play’ instruments for digital fraud. Augmented with GEOBOX, their operations attain a new level of sophistication, enabling manipulation of GPS data, network simulation, Wi-Fi spoofing, and evasion of anti-fraud filters.

Recent research from Resecurity, a US-based cybersecurity solutions provider, has unveiled a troubling trend. Cybercriminals are leveraging IoT devices for illicit endeavors, employing operational security (OPSEC) techniques and customizable configurations to operate without leaving traces, ensuring anonymity for their activities.

According to Resecurity’s Cyber Threat Intelligence team, a significant discovery emerged from the depths of the Dark Web: GEOBOX, a malevolent tool designed to transform ordinary IoT hardware into potent cyber weapons. GEOBOX marks a paradigm shift in cybercriminal tactics, underscoring the evolving nature of digital threats.

GEOBOX is being sold on Telegram (Screenshot credit: Resecurity)


Built specifically for Raspberry Pi 4 Model B devices, GEOBOX helps cybercriminals with anonymization and fraud. Its existence came to light during an investigation into an online banking theft involving a high-net-worth client of a Fortune 100 financial company, prompting deeper scrutiny by researchers.

The emergence of GEOBOX follows closely on the heels of another dark web tool, TMChecker, which has armed ransomware gangs, particularly those targeting the e-commerce and aviation sectors with precision cyberattacks.

Resecurity’s research, shared exclusively with Hackread.com, revealed the utilization of multiple internet-connected GEOBOX devices as proxies by threat actors, strategically positioned at remote locations to enhance their anonymity. This strategy complicates investigation and tracking efforts, as GEOBOX devices do not retain logs by default. Notably, Resecurity observed a malicious actor utilizing GEOBOX with two LTE-based wireless modems for heightened anonymization, particularly in remote connections.

Available for a lifetime fee of $700 or a monthly rate of $80, payable in cryptocurrency, GEOBOX is advertised on major underground forums and Telegram. Its user manual provides comprehensive instructions on downloading and installing the Raspberry Pi OS using Raspberry Pi Imager, acquiring the GEOBOX Software Image, and operating the GEOBOX software.




GEOBOX boasts a plethora of features, including WebRTC IP for discreet online communication, GPS spoofing for manipulating geolocation data, and Wi-Fi MAC address masking. The device demands a minimum of 4 GB of RAM, with an 8 GB variant available for enhanced performance.

Spoofing options (Source: Resecurity)

Moreover, GEOBOX connects to the internet via Ethernet or USB modem and offers various tabs such as INTERNETBOX, MIDDLEBOX, Proxy, VPN, and Wi-Fi, each providing specific functionality. Users can configure diverse internet connection types, including VPN protocols like L2TP, PPTP, L2TP-IPsec, WireGuard, SSTP, ZeroTier, and OpenVPN, with the ability to create nested VPN tunnels.

GEOBOX empowers threat actors across various nefarious activities, including cyberattack coordination, dark web market operations, sophisticated financial frauds, evasion of government censorship, anonymous malware dissemination, credential stuffing campaigns, disinformation operations, surveillance evasion in authoritarian regimes, content piracy, geo-restriction circumvention, and network security testing.

Furthermore, cybercriminals can exploit GEOBOX to manipulate their geographical location using a GPS-like driver, circumventing location verification checks on websites like Whoer.net and browserleaks.com, and creating fraudulent accounts on popular platforms like Google and Amazon.

The emergence of GEOBOX underscores the critical need for robust digital risk monitoring and endpoint protection strategies. Collaboration between law enforcement agencies, deployment of proactive measures, and continuous innovation in cybersecurity strategies are imperative to effectively counter such threats.


Source: hackread.com
