Get 1,000+ Free Secret Apps on Firestick & Android TV/Google TV

TV Channels

Large Scale DDoS Attack is Infecting Android TV Boxes

DDos Infecting Android TV

Security researchers have recently uncovered a disturbing trend in the cybercrime landscape – a large-scale DDoS botnet that is infecting Android TV boxes and set-top boxes. This cybercrime syndicate, known as Bigpanzi, has been active since 2015 and poses a significant threat to the security of these devices.

The botnet, with its peak at 170,000 daily active bots, targets Android TV Boxes and streaming hardware through pirated apps and firmware updates, infecting potentially millions of devices. Once compromised, these devices become powerful tools for cybercriminals, enabling them to carry out various nefarious activities, including DDoS attacks and stream hijacking.

The malware responsible for this botnet, pandoraspear, incorporates 11 different DDoS attack vectors inherited from the infamous Mirai malware. This makes it a formidable threat and raises concerns about the potential misuse of the botnet.

Unfortunately, this isn’t the first time we have seen problems with these devices as there are multiple instances of them being susceptible to malware and more in the past.

The Operations of Bigpanzi and the Scale of the Botnet

Bigpanzi’s cybercrime operations are primarily focused in Brazil, particularly in São Paulo. The researchers have gained insight into the scale of the botnet by hijacking two command and control (C2) domains used by the attackers. At its peak, the botnet had approximately 170,000 daily active bots, with over 1.3 million unique IP addresses associated with the botnet since August. However, due to limitations in device activity and visibility, it is believed that the actual size of the botnet is larger.

The malware tools used by Bigpanzi, pandoraspear and pcdn, are responsible for infecting the Android TV and eCos set-top boxes. Pandoraspear acts as a backdoor trojan, allowing for DNS manipulation, DDoS attacks, and remote command execution. Pcdn, on the other hand, builds a peer-to-peer Content Distribution Network (CDN) and possesses DDoS capabilities.

bigpanzi cyber gang

The botnet operated by Bigpanzi is part of a complex cybercrime network that spans across Brazil. It is alarming to see the extent of their operations and the significant number of infected devices under their control. The use of advanced malware tools like pandoraspear and pcdn demonstrates the sophistication and malicious intent of the attackers.

The scale of the botnet is staggering, with hundreds of thousands of daily active bots and millions of associated IP addresses. This poses a severe threat to both the security of the infected devices and the overall stability of online services.

The Threats Posed by Bigpanzi and What You Can Do

The widespread infections caused by the Bigpanzi cybercrime syndicate have far-reaching implications that extend beyond just DDoS attacks. This notorious group has found various ways to monetize the compromised devices, utilizing them for illegal media streaming platforms, traffic proxying networks, DDoS swarm attacks, and OTT content provision.

As a result, the compromised Android TV boxes and set-top boxes become vehicles for disseminating visual and audio content without any legal constraints. This alarming trend has already led to real-world incidents involving the broadcasting of violent, terroristic, and pornographic material, and even the utilization of AI-generated videos for political propaganda.

DDoS on Android TV

If you are using an Android TV Box, it is extremely important to ensure your protection when streaming with these devices. We strongly recommend purchasing streaming devices from reputable outlets such as Amazon, Formuler, NVIDIA, BuzzTV, and more.

For those who wish to continue using their generic Android TV Box, we suggest installing and using Surfshark VPN with the built-in CleanWeb feature to protect your data. This is a powerful ad & malware blocker that works perfectly on streaming devices including Android TV & more.

We also recommend using VirusTotal to scan your installed applications for any viruses/malware that may be associated with them.

The report for this story was originally published by XLab which you can find below.

Bigpanzi Exposed: The Hidden Cyber Threat Behind Your Set-Top Box

We want to know what you think of this story. Drop a comment in the comment section below!

Be sure to stay up-to-date with the latest streaming news, reviews, tips, and more by following the TROYPOINT Advisor with updates weekly.


Your online activity is recorded by your government, Internet Service Provider, app/addon/IPTV devs and all websites through your identifying IP address

Stream anonymously by using Surfshark VPN

Your Current Identifying IP Address (digital fingerprint):


Surfshark backs their service with a 30-day money back guarantee

Use your account on unlimited devices & share with family members


This Advisor provides all the best cord-cutting tips to get the most out of your favorite streaming devices and more.

Click the link below to join the other 800,000 Advisor subscribers.

Free TROYPOINT Advisor

This page includes affiliate links where TROYPOINT may receive a commission at no extra cost to you. Many times, visitors will receive a discount due to the special arrangements made for our fans. Learn more on my Affiliate Disclaimer page.

Notable Replies

  1. Would this DDoS issue be the cause of boxes acting strangely? Such as dropping internet connections, turning off randomly, freezing the UI, etc…

  2. How would the DDos get to the box since all anyone can see out there is our real external IP given by our ISP. Clearly, anyone could be attacked as corporations are all the time or websites to temporarily take it down because it’s no accessible.

  3. Avatar for TXRon TXRon says:

    In the pc world usually that would be a backdoor trojan. Generally picked up by installing un-verified apps, pre-installed by someone at factory or 3rd party sellers…To be honest a trojan can be installed by a picture containing hidden malware.

  4. A trojan can absolutely be installed on your device but only by installing an app. A DDos is multitudes of computers hitting you as the same time rendering your connection useless until they stop. I am unsure why a group would or could focus on many single systems, bothering to find our IP and using many resources. It seriously makes no sense I would be interested in reading more about this group if it’s published here.

  5. Avatar for TXRon TXRon says:

    What Is a Trojan Horse? Trojan Virus and Malware Explained | Fortinet

  6. Yes exactly that. Malware bytes was always good at detecting them if you tried to dl something containing them on a PC. ** I’ve now read the article above and it seems to be a backdoor trojan.

  7. Avatar for MarkxG MarkxG says:

    Disappointed!!! I was expecting this article to say they were only targeting the “Cheap China Boxes” :rofl:

  8. Does this include the google boxes such as the Walmart Onn boxes?

  9. Installed Virus Total and says it can’t scan because “Error, internet is not available.” Kinda stupid when i just downloaded the app. Im hardired. Tried Wifi on. Rebooted. Vpn on/off…still same. I guess ill continue to have sex without a condom with this iptv network transmitted disease.

  10. I have had the same experience with Virus Total. All this talk, but no way to fix it! Does anybody have a fix???

Continue the discussion at


Avatar for TROYPOINT Avatar for ocaladick Avatar for daddyo53r Avatar for TXRon Avatar for Powerfader Avatar for MarkxG Avatar for Wizzard Avatar for Belizeman

Save 86% on Surfshark VPN + 3 Free Months