The malware campaign represents the largest known botnet of internet-connected television devices, compromising over 10 million uncertified Android devices worldwide.
BadBox 2.0 emerged as a sophisticated threat targeting devices running Android’s open-source software without Google’s integrated security protections.
The malware operators exploited the vulnerability gap in uncertified devices, pre-installing malicious code that remained dormant until activation.
This strategic approach allowed cybercriminals to establish persistent access to millions of connected TVs and streaming devices across global networks.
The botnet’s primary attack vector involved manufacturing partnerships with device producers who unknowingly distributed compromised hardware.
Once deployed in consumer environments, the infected devices conducted large-scale ad fraud operations, generating illegitimate revenue streams while remaining largely undetected by users.
Google researchers identified the malware’s sophisticated evasion techniques, which included mimicking legitimate network traffic patterns and operating during low-usage periods.
Google analysts working alongside HUMAN Security and Trend Micro researchers noted the malware’s advanced persistence mechanisms during their investigation.
The collaborative effort revealed BadBox 2.0’s ability to maintain command-and-control communications through encrypted channels, making traditional network monitoring ineffective.
The malware’s infection mechanism relies on firmware-level integration during the manufacturing process.
BadBox 2.0 embeds itself within the Android Open Source Project framework, establishing deep system-level access that survives factory resets.
The malware creates hidden service processes that communicate with remote servers, enabling operators to push additional payloads and update attack strategies dynamically.
Google’s Ad Traffic Quality team has since updated Google Play Protect to automatically identify and block BadBox-associated applications, while the FBI continues coordinating with international law enforcement agencies.
The post Google Sued BadBox 2.0 Malware Botnet Operators That Infects 10 Million+ Devices appeared first on Cyber Security News.