In recent developments, cybersecurity experts have uncovered a new tool being advertised on the Dark Web known as GEOBOX.
This tool leverages the capabilities of Raspberry Pi devices to facilitate fraudulent activities and enhance online anonymity.
GEOBOX is designed to spoof GPS locations, emulate network settings, mimic Wi-Fi access points, and bypass anti-fraud filters, making it a potent instrument for cybercriminals.
The discovery was made during an investigation into an online banking theft, where criminals were found using multiple GEOBOX devices as proxies to obscure their digital footprints.
This level of anonymity poses significant challenges for law enforcement agencies trying to trace the activities of these attackers.
GEOBOX is being sold on underground forums and through Telegram channels, with pricing options of $700 for a lifetime subscription or $80 per month, payable in cryptocurrency.
The tool’s advertisement on Telegram highlights its ability to transform a Raspberry Pi into a device capable of committing cybercrimes while remaining undetected.
Feature Of Geobox
The user manual accompanying GEOBOX provides comprehensive instructions for setting up the device.
It guides users through the process of selecting an SD card for optimal performance, downloading the Raspberry Pi OS from the official website, and obtaining the GEOBOX software image.
Once the operating system is installed, the manual details the steps to activate the GEOBOX software, connect to the Internet, and configure its various functions.
The software suite is specifically designed for network configuration on the Raspberry Pi and offers a range of features.
Users can manage multiple VPN connections using protocols such as OpenVPN, L2TP, and Wireguard.
They can create and switch between VPN profiles for customized network routing, including the creation of cascaded VPN tunnels for increased anonymity.
The configuration of proxy servers allows for the manipulation of DNS, GPS, and Wi-Fi MAC address information.
For devices without a GPS receiver, GEOBOX provides a GPS emulator. It also enables users to manage Wi-Fi network settings and DNS servers.
For more advanced users, the tool includes a Mimic Tab to monitor data manipulation and a Log Tab for system diagnostics.
Technical Insights
GEOBOX operates through a web interface, offering functionalities such as proxy server configuration, VPN connectivity, and the ability to alter Wi-Fi network parameters.
Its ease of use, combined with the variety of functions it provides, makes it a significant cybersecurity threat.
The tool can be used for a range of cybercrimes, including cyber-attacks, dark web market operations, and financial fraud.
Cybersecurity firm Resecurity discovered that cybercriminals are using GEOBOX in conjunction with multiple LTE modems and proxy servers to anonymize their connections.
This method of operation makes it exceedingly difficult to trace the criminals, especially when they use remote access.
The criminals employ short sessions to eliminate evidence, which further complicates investigative efforts.
The easy access to GEOBOX and its capabilities raises concerns about its potential widespread use among cybercriminals.
The evolving threat landscape underscores the urgent need for advanced security solutions and global cooperation to combat the increasingly sophisticated nature of cybercrime.
As cybercriminals continue to develop and utilize more custom-made or modified devices like GEOBOX, it becomes imperative for cybersecurity professionals to stay ahead of these threats.
The use of Raspberry Pi devices in such illicit activities is a testament to the versatility and power of these small computers, which, when used maliciously, can have significant implications for digital security and privacy.
Also Read: Attackers Use Multiple Ivanti Connect Secure and Policy Secure Gateway Bugs
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.
