AT2k Design BBS Message Area

From: VRSS
To: All
Subject: FBI: BadBox 2.0 Android Malware Infects Millions of Consumer Dev
Date/Time: June 6, 2025 3:40 PM

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: FBI: BadBox 2.0 Android Malware Infects Millions of Consumer Devices

Link: https://it.slashdot.org/story/25/06/06/203322...

An anonymous reader quotes a report from BleepingComputer: The FBI is warning
that the BADBOX 2.0 malware campaign has infected over 1 million home
Internet-connected devices, converting consumer electronics into residential
proxies that are used for malicious activity. The BADBOX botnet is commonly
found on Chinese Android-based smart TVs, streaming boxes, projectors,
tablets, and other Internet of Things (IoT) devices. "The BADBOX 2.0 botnet
consists of millions of infected devices and maintains numerous backdoors to
proxy services that cyber criminal actors exploit by either selling or
providing free access to compromised home networks to be used for various
criminal activity," warns the FBI. These devices come preloaded with the
BADBOX 2.0 malware botnet or become infected after installing firmware
updates and through malicious Android applications that sneak onto Google
Play and third-party app stores. "Cyber criminals gain unauthorized access to
home networks by either configuring the product with malicious software prior
to the user's purchase or infecting the device as it downloads required
applications that contain backdoors, usually during the set-up process,"
explains the FBI. "Once these compromised IoT devices are connected to home
networks, the infected devices are susceptible to becoming part of the BADBOX
2.0 botnet and residential proxy services known to be used for malicious
activity." Once infected, the devices connect to the attacker's command and
control (C2) servers, where they receive commands to execute on the
compromised devices, such as routing malicious traffic through residential
IPs to obscure cybercriminal activity, performing background ad fraud to
generate revenue, and launching credential-stuffing attacks using stolen
login data. Over the years, the malware botnet continued expanding until
2024, when Germany's cybersecurity agency disrupted the botnet in the country
by sinkholing the communication between infected devices and the attacker's
infrastructure, effectively rendering the malware useless. However, that did
not stop the threat actors, with researchers saying they found the malware
installed on 192,000 devices a week later. Even more concerning, the malware
was found on more mainstream brands, like Yandex TVs and Hisense smartphones.
Unfortunately, despite the previous disruption, the botnet continued to grow,
with HUMAN's Satori Threat Intelligence stating that over 1 million consumer
devices had become infected by March 2025. This new larger botnet is now
being called BADBOX 2.0 to indicate a new tracking of the malware campaign.
"This scheme impacted more than 1 million consumer devices. Devices connected
to the BADBOX 2.0 operation included lower-price-point, 'off brand,'
uncertified tablets, connected TV (CTV) boxes, digital projectors, and more,"
explains HUMAN. "The infected devices are Android Open Source Project
devices, not Android TV OS devices or Play Protect certified Android devices.
All of these devices are manufactured in mainland China and shipped globally;
indeed, HUMAN observed BADBOX 2.0-associated traffic from 222 countries and
territories worldwide."
