Hackers Transform Raspberry Pi Into A Hacking Tool

GEOBOX is specialized software for Raspberry Pi devices that has been observed on the Dark Web, where it is marketed as the next major development in fraud and anonymity technologies.

Cybercriminals have managed to turn the popular geek-favorite device into a “plug-and-play” tool for digital deception.

This allows the user to impersonate known Wi-Fi access points, spoof GPS locations, emulate particular network and software settings, and bypass anti-fraud filters. 

The tool can be rented for $80 per month or $700 for lifetime access, with payments made in cryptocurrency. It is promoted on Telegram as well as on prominent underground forums like Exploit.

Notably, the GEOBOX tool was first uncovered while a prominent Fortune 100 financial institution was investigating an online banking theft involving a high-net-worth (HNW) client.

The hackers used multiple GEOBOX devices, each positioned in a different remote location and connected to the Internet.

By acting as proxies, these devices greatly improved the hackers' anonymity.

This method made the tracking and investigation procedure more difficult, especially because GEOBOX devices don’t log anything by default. 

The tool advertised on Telegram

The Tool’s Operation

“Designed for anonymity and fraudulent activities, GEOBOX turns ordinary hardware into a potent weapon for digital deception”, Resecurity shared with CyberSecurity News.

“This development is particularly concerning given the widespread availability and low cost of Raspberry Pi devices, making advanced cyber tools more accessible to threat actors than ever before”.

Because GEOBOX is marketed to a wide audience, its setup procedure has been made rather simple.

It comes with an easy-to-follow user handbook with clear, brief instructions.

User manual provides clear instructions on which SD card should be used 

The manual continues by describing how to get the GEOBOX Software Image.

To Obtain Software Image

The manual provides comprehensive instructions on how to operate the GEOBOX software after the Raspberry Pi OS has been installed.

The article also covers the activation process that follows installation of the GEOBOX software.

Working with the tool

GEOBOX Features

  • INTERNETBOX Tab – Allows users to configure various internet connection types.
  • MIDDLEBOX Tab – Offers additional VPN configuration options.
  • Proxy Tab – Enables users to configure a proxy server.
  • VPN Tab – Allows users to add VPN profiles.
  • GPS Tab – Users can find installation files for a GPS emulator for Windows systems.
  • WI-FI Tab – Users can change the parameters of the Default network.
  • DNS Tab – Automatically selects DNS servers based on the geolocation.
  • Mimic Tab – Displays the data received from the proxy server and the substituted data.
  • System Tab – Provides system data.
  • Log Tab – Contains system events and logs.
  • ZeroTier Configuration – Detailed instructions are provided for setting up ZeroTier.

GEOBOX Feature Set

According to researchers, GEOBOX turns Raspberry Pi devices into advanced fraud and anonymization tools. 

GEOBOX is made specifically for the Raspberry Pi 4 Model B and comes with customized firmware and applications.

A minimum of 4 GB of RAM is needed; for best results, however, the 8 GB version is advised.

Hence, this emphasizes the need for effective endpoint protection and digital risk monitoring systems.

This calls for improved detection capabilities as well as a global cybersecurity community-wide effort to share resources and intelligence.


Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.