Resecurity identified a new solution advertised on the Dark Web – GEOBOX, a custom software, purpose-built for Raspberry Pi devices, representing an evolution in tooling for fraud and anonymization.
Notably, the cybercriminals transformed widely used geek-favorite device into a ‘plug-and-play’ weapon for digital deception – enabling the operator to spoof GPS locations, emulate specific network and software settings, mimic settings of known Wi-Fi access points, as well as bypass anti-fraud filters.
The GEOBOX tool was first discovered during an investigation into an online banking theft involving a high-net-worth (HNW) client of a leading Fortune 100 financial institution.
This discovery led to the acquisition of GEOBOX for more in-depth analysis. The malicious individuals utilized several GEOBOX devices, each connected to the Internet and strategically placed in various remote locations. These devices served as proxies, significantly enhancing their anonymity. This approach complicated the investigation and tracking process, especially since, by default, GEOBOX devices do not store any logs.
Resecurity envisions the tactics leveraging custom-made or modified devices like Raspberry Pi and other Internet-of-Things (IoTs) will be more actively used by bad actors, creating a new challenge for law enforcement internationally.
Fig 1
The package can be rented for a lifetime fee of $700 or a monthly rate of $80, payable in cryptocurrency. It is advertised on major underground forums, including Exploit, and is also promoted on Telegram.
Translation
More information:
- WebRTC IP masking.
- GPS-driver for Windows OS.
- Wi-Fi. Masquerading of hotspot MAC address for specific geolocation (based on the map of known hotspots)
- DNS configuration for specific geographical location (to avoid leaks).
- Support of various VPN protocols for routing.
- Flexible Proxy servers management.
- LTE modems support
Welcome!
PRICE:
$80 — Per Month
$700 — Forever
Internet-Of-Things (IoTs) On The Service Of Cybercriminals
Designed for anonymity and fraudulent activities, GEOBOX turns ordinary hardware into a potent weapon for digital deception. This development is particularly concerning given the widespread availability and low cost of Raspberry Pi devices, making advanced cyber tools more accessible to threat actors than ever before.
In fact, the choice of Raspberry Pi is a good example of how cybercriminals may leverage Internet-connected portal devices for anonymization complicating investigation for law enforcement.
Easy To Setup
The setup process of this device has been made relatively simple, assuming GEOBOX is aiming this tool at a broad audience, they provide a user manual with clear, concise, and easy to follow instructions.
Preparing the MicroSD Card and Software
The user manual provides clear instructions on which SD card should be used to get optimal performance from their tool on the Raspberry Pi.
(Rsecurity)