- The FBI warns that Badbox 2.0 malware has infected more than a million devices
- Cheap, Chinese-made Android devices are often the victims
- Hijacked devices are made part of a worldwide botnet
More than a million devices have been infected with a dangerous strain of malware that turned them into malicious proxies, the FBI has warned.
In a new alert, the agency urged users to be on their guard against Badbox 2.0, a malicious software threat that targets devices powered by Android, often made in China.
The FBI warns that devices such as smart TVs, streaming boxes, projectors, tablets and other Internet of Things (IoT) devices could all be at risk of being turned into residential proxies, which are then used for malicious activity.
Badbox 2.0 malware warning
“The Badbox 2.0 botnet consists of millions of infected devices and maintains many wanderings to the proxy services that cyber-criminals operate by selling or providing free access to domestic networks compromised to be used for various criminal activities,” the FBI warning said.
It noted that affected devices are often shipped with malware preloaded, but the malware can also arrive later through firmware installs and malicious Android applications that have made their way onto Google Play and third-party app stores.
“Cyber-criminals have unauthorized access to domestic networks by configuring the product with malware before users buy or infect the device because it downloads the required applications that contain waste, usually during the configuration process,” said the FBI.
“Once these compromised IoT devices are connected to domestic networks, infected devices are likely to be part of the Badbox 2.0 botnet and residential proxy services known to be used for malicious activity.”
It added that the malware can also load and click on ads without users being aware, generating income for the attackers, and can access victims’ accounts using stolen credentials.
The FBI has warned users to monitor their devices carefully and to make sure that all of their IoT devices come from a reputable source. Users are also advised not to download applications from unofficial app stores and to ensure that their software and firmware are up to date.
The original Badbox malware was detected in 2023 with a similar modus operandi, targeting cheap, off-brand Android TV boxes.
The botnet was successfully disrupted by the German authorities in December 2024, but that does not seem to have deterred the attackers, who have managed to grow the network worldwide, leading to its reclassification as Badbox 2.0.
Badbox 2.0 was first reported at the beginning of 2025 by cybersecurity experts from HUMAN's threat intelligence team, who, with several partners, removed dozens of malicious applications from the Play Store, banned their developers and sinkholed communications for hundreds of thousands of infected devices.