Latest news with #BadBox2.0
Forbes
2 days ago
- Forbes
FBI Warning To 10 Million Android Users — Disconnect Your Devices Now
Discconnect now, FBI warns 10 million Android users. Update, July 26, 2025: This story, originally published on July 25, has been updated with a statement from the researchers which initially disclosed and disrupted the BadBox 2.0 operation that the FBI and Google are tackling head-on. In March, I reported that one of the largest botnets of its kind ever detected had impacted over a million Android devices. That massive attack was known as BadBox, but it has now been eclipsed by BadBox 2.0, with at least 10 million Android devices infected. Google has taken action to protect users as best it can, as well as launching legal action against the attackers, and the FBI has urged impacted users to disconnect their devices from the internet. Here's what you need to know. The FBI, Google And Others Warn Of Android BadBox 2.0 Attacks The FBI cybersecurity alert, I-060525-PSA, could not have been clearer: ongoing attacks are targeting everything from streaming devices, digital picture frames, third-party aftermarket automobile infotainment systems and other assorted home smart devices. The devices, all low-cost and uncertified, mostly originating in China, allow attackers to access your home network and beyond by, the FBI warned, 'configuring the product with malicious software prior to the user's purchase.' It has also been noted, however, that mandatory 'software updates' during the installation process can also install a malicious backdoor. Point Wild's Threat Intelligence Lat61 Team reverse-engineered the BadBox 2 infection chain and, as a result, uncovered new indicators of compromise that have been shared with global Computer Emergency Response Teams, as well as law enforcement. 'This Android-based malware is pre-installed in the firmware of low-cost IoT devices, smart TVs, TV boxes, tablets, before they even leave the factory,' Kiran Gaikwad from the LAT61 team said, 'It silently turns them into residential proxy nodes for criminal operations like click fraud, credential stuffing, and covert command and control (C2) routing.' Google, meanwhile, confirmed in a July 17 statement that it had 'filed a lawsuit in New York federal court against the botnet's perpetrators.' Google also said that it has 'updated Google Play Protect, Android's built-in malware and unwanted software protection, to automatically block BadBox-associated apps.' Human Security Behind Initial BadBox 2.0 Disclosure And Disruption Human Security, whose Satori Threat Intelligence and Research Team originally both disclosed and disrupted the BadBox 2.0 threat campaign, said at the time that researchers believed 'several threat actor groups participated in BadBox 2.0, each contributing to parts of the underlying infrastructure or the fraud modules that monetize the infected devices, including programmatic ad fraud, click fraud, proxyjacking, and creating and operating a botnet across 222 countries and territories.' If nothing else, that provides some context to the scale of this campaign. Now, Stu Solomon, the Human Security CEO, has issued the following statement: 'We applaud Google's decisive action against the cybercriminals behind the BadBox 2.0 botnet our team uncovered. This takedown marks a significant step forward in the ongoing battle to secure the internet from sophisticated fraud operations that hijack devices, steal money, and exploit consumers without their knowledge. Human's mission is to protect the integrity of the digital ecosystem by disrupting cybercrime at scale, and this effort exemplifies the power of collective defense. We're proud to have been deeply involved in this operation, working in close partnership with Google, TrendMicro, and the Shadowserver Foundation. Their collaboration has been invaluable in helping us expose and dismantle this threat.' FBI Recommendations And Mitigations — Disconnect Your Devices Now The FBI has recommended that Android users should be on the lookout for a number of potential clues that your Chinese-manufactured smart device could be infected with BadBox 2.0 malware. When it comes to mitigation, the advice is straightforward: users should 'consider disconnecting suspicious devices from their networks,' the FBI said.
Forbes
3 days ago
- Forbes
FBI Warning To 10 Million Android Users — Disconnect From Internet Now
Discconnect now, FBI warns 10 million Android users. In March, I reported that one of the largest botnets of its kind ever detected had impacted over a million Android devices. That massive attack was known as BadBox, but it has now been eclipsed by BadBox 2.0, with at least 10 million Android devices infected. Google has taken action to protect users as best it can, as well as launching legal action against the attackers, and the FBI has urged impacted users to disconnect their devices from the internet. Here's what you need to know. The FBI, Google And Others Warn Of Android BadBox 2.0 Attacks The FBI cybersecurity alert, I-060525-PSA, could not have been clearer: ongoing attacks are targeting everything from streaming devices, digital picture frames, third-party aftermarket automobile infotainment systems and other assorted home smart devices. The devices, all low-cost and uncertified, mostly originating in China, allow attackers to access your home network and beyond by, the FBI warned, 'configuring the product with malicious software prior to the user's purchase.' It has also been noted, however, that mandatory 'software updates' during the installation process can also install a malicious backdoor. Point Wild's Threat Intelligence Lat61 Team reverse-engineered the BadBox 2 infection chain and, as a result, uncovered new indicators of compromise that have been shared with global Computer Emergency Response Teams, as well as law enforcement. 'This Android-based malware is pre-installed in the firmware of low-cost IoT devices, smart TVs, TV boxes, tablets, before they even leave the factory,' Kiran Gaikwad from the LAT61 team said, 'It silently turns them into residential proxy nodes for criminal operations like click fraud, credential stuffing, and covert command and control (C2) routing.' Google, meanwhile, confirmed in a July 17 statement that it had 'filed a lawsuit in New York federal court against the botnet's perpetrators.' Google also said that it has 'updated Google Play Protect, Android's built-in malware and unwanted software protection, to automatically block BadBox-associated apps.' FBI Recommendations And Mitigations — Disconnect Devices From The Internet Now The FBI has recommended that Android users should be on the lookout for a number of potential clues that your Chinese-manufactured smart device could be infected with BadBox 2.0 malware. When it comes to mitigation, the advice is straightforward: users should 'consider disconnecting suspicious devices from their networks,' the FBI said.
Daily Mirror
6 days ago
- Daily Mirror
Millions of Android users must switch off their devices immediately, check yours today
A worrying new Android attack has left around 10 million devices infected with a scary malware - check yours is not on this list. A new alert has been issued to Android users and it's not something anyone should ignore. The latest warning comes after the discovery that millions of devices have been infected with the so-called BadBox malware. This bug is not only capable of making cyber crooks serious amounts of money via annoying adware, but it could also expose users to concerning ransomware, which asks for money in exchange for personal data not being leaked. It's currently thought that around 10 million gadgets have even been exposed to BadBox 2.0, but this time it's not phones that are affected. Instead, it's other devices that also use a version of Android including tablets, projectors and streaming boxes. These very cheap and enticing products are being made in China and often come pre-loaded with BadBox. In a bid to end the attacks and keep consumers safe, Google is now trying to shut down this illegal operation with the US technology giant filing a lawsuit against those creating and selling the dodgy devices. "This botnet—called the 'BadBox 2.0' botnet—is already the largest known botnet of internet-connected TV devices, and it grows each day,' Google confirmed. 'Without warning, it could be used to commit more dangerous cybercrimes, such as ransomware or distributed denial-of-service ('DDoS') attacks.' Along with Google issuing an alert, the FBI has also had its say on the problems with the law agency urging consumers to be aware and turn things off if they think they have a device that could be infected. 'The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks," the FBI said. Some of the known devices that have been purchased include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9. If you think you have bought a set-top box from an unofficial store - especially any of the ones mentioned above - it's worth checking to see if it Google Play Protect-certified. If it's not, be warned. Before buying a new device, it's also worth avoiding off-brand gadgets that aren't from a known manufacturer, as they could be targeted by Badbox 2.0. This malware can also be added after the box is installed in homes, so be careful when downloading apps and only access software from official.
The Irish Sun
7 days ago
- The Irish Sun
Over 10 million Android users told to turn off devices after Google exposes ‘infection' – exact list of models affected
HOUSEHOLDS have been warned against buying cheap gadgets online that may come pre-installed with dangerous malware. As many as 10 million devices have been affected, according to a recent 3 BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at MalwareBytes have said Credit: Android TV 3 Cyber criminals gain access either by installing malicious software prior to the users purchase, or infecting the device as it downloads required applications during the set-up process Credit: Getty TV set-top boxes, tablets and digital projectors being made in China have been found to be either susceptible to a malware known as BadBox 2.0, or have it already downloaded by the time it is shipped. BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at While those apps, and several BadBox servers, were removed as of March 2025, it remains one of the biggest malware threats to internet-connected TVs. The minute consumers set up the device, they open up a backdoor for criminals to access other devices in their home network. READ MORE ON ANDROID Cyber criminals gain access either by installing malicious software prior to the users purchase, or infecting the device as it downloads required applications during the set-up process. Badbox can run advertising fraud, as well as more worrying attacks, such as ransomware, where users are often asked to pay a fee to stop data being leaked. In its security warning, Google wrote: "The BadBox 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections. 3 The FBI has also issued an alert about the BadBox malware campaign, saying there may be more gadgets affected - including car infotainment systems Credit: Mercedes-Benz AG "Cyber criminals infected these devices with preinstalled malware and exploited them to conduct large-scale ad fraud and other digital crimes." Most read in Tech The tech giant has now filed a lawsuit in the New York federal court against the crooks behind BadBox. Some of the known devices that have been infected include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9. Urgent warning to delete 2 dangerous apps that STEAL all photos & blackmail you It's unclear if these are the only affected TV boxes. Though tablets and digital projectors with unknown model numbers are still reportedly affected. If you think you have purchased a cheap Android-powered set-top box - especially one mentioned above - it's important to check if it Google Play Protect-certified. Google Play Protect is Android's built-in malware and unwanted software protection, which the tech company has updated to automatically block BadBox-infected apps. "While these actions kept our users and partners safe," according to Google. "This lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud." The FBI has also issued an alert about the BadBox malware campaign , saying there may be more gadgets affected. "Cyber criminals gain unauthorised access to home networks through compromised IoT (internet of things) devices," the FBI wrote in an WHAT TO LOOK OUT FOR There are six signs that your digital gadgets may have been infected with BadBox 2.0 malware, according to the FBI: Possible indicators of BadBox 2.0 botnet activity include: The presence of suspicious marketplaces where apps are downloaded. Requiring Google Play protect settings to be disabled. Generic TV streaming devices advertised as unlocked or capable of accessing free content. IoT devices advertised from unrecognizable brands. Android devices that are not Play Protect certified. Unexplained or suspicious Internet traffic. Image credit: Getty
Scottish Sun
7 days ago
- Scottish Sun
Over 10 million Android users told to turn off devices after Google exposes ‘infection' – exact list of models affected
The tech giant has now filed a lawsuit in the New York federal court against the crooks behind BadBox BIG SWITCH-OFF Over 10 million Android users told to turn off devices after Google exposes 'infection' – exact list of models affected HOUSEHOLDS have been warned against buying cheap gadgets online that may come pre-installed with dangerous malware. As many as 10 million devices have been affected, according to a recent security warning from Google. Advertisement 3 BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at MalwareBytes have said Credit: Android TV 3 Cyber criminals gain access either by installing malicious software prior to the users purchase, or infecting the device as it downloads required applications during the set-up process Credit: Getty TV set-top boxes, tablets and digital projectors being made in China have been found to be either susceptible to a malware known as BadBox 2.0, or have it already downloaded by the time it is shipped. BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at MalwareBytes have said. While those apps, and several BadBox servers, were removed as of March 2025, it remains one of the biggest malware threats to internet-connected TVs. The minute consumers set up the device, they open up a backdoor for criminals to access other devices in their home network. Advertisement Cyber criminals gain access either by installing malicious software prior to the users purchase, or infecting the device as it downloads required applications during the set-up process. Badbox can run advertising fraud, as well as more worrying attacks, such as ransomware, where users are often asked to pay a fee to stop data being leaked. In its security warning, Google wrote: "The BadBox 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections. 3 The FBI has also issued an alert about the BadBox malware campaign, saying there may be more gadgets affected - including car infotainment systems Credit: Mercedes-Benz AG Advertisement "Cyber criminals infected these devices with preinstalled malware and exploited them to conduct large-scale ad fraud and other digital crimes." The tech giant has now filed a lawsuit in the New York federal court against the crooks behind BadBox. Some of the known devices that have been infected include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9. Urgent warning to delete 2 dangerous apps that STEAL all photos & blackmail you It's unclear if these are the only affected TV boxes. Advertisement Though tablets and digital projectors with unknown model numbers are still reportedly affected. If you think you have purchased a cheap Android-powered set-top box - especially one mentioned above - it's important to check if it Google Play Protect-certified. Google Play Protect is Android's built-in malware and unwanted software protection, which the tech company has updated to automatically block BadBox-infected apps. "While these actions kept our users and partners safe," according to Google. "This lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud." Advertisement The FBI has also issued an alert about the BadBox malware campaign, saying there may be more gadgets affected. "Cyber criminals gain unauthorised access to home networks through compromised IoT (internet of things) devices," the FBI wrote in an alert. "Such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products."
