The FBI is warning about BADBOX 2.0, a botnet that has infected over 1 million home internet-connected devices and turned them into residential proxies for malicious activity. These devices, commonly Chinese Android-based smart TVs, streaming boxes, projectors, tablets, and other IoT devices, are infected with the BADBOX botnet malware. The malware is often found on devices that come preloaded with it or that become infected after installing firmware updates and malicious Android applications that sneak onto Google Play and third-party app stores. Cybercriminals gain unauthorized access to home networks by configuring products with malware prior to purchase or by infecting devices during the set-up process.

Infected devices connect to the attacker's command-and-control servers and receive commands to carry out malicious activities such as routing traffic through residential IPs, performing ad fraud, and launching credential-stuffing attacks. Although Germany's cybersecurity agency disrupted the botnet, researchers found the malware on 192,000 devices a week later, and it continued to grow, infecting devices from mainstream brands like Yandex TVs and Hisense smartphones.

The malware was found on lower-price-point, "off brand," uncertified tablets, connected TV boxes, digital projectors, and more, manufactured in mainland China and shipped globally. The infected devices are Android Open Source Project devices, not Android TV OS devices or Play Protect certified Android devices. The BADBOX 2.0 operation has impacted more than 1 million consumer devices, with traffic observed from 222 countries and territories worldwide.
it.slashdot.org
