- Google files a major lawsuit with a district court
- The lawsuit claims that Google has lost money and reputation due to BadBox 2.0
- 25 unnamed Chinese individuals are accused of having run the operation
Google is suing 25 unidentified Chinese citizens for building and operating the infamous BadBox 2.0 botnet.
A legal complaint filed with the United States District Court for the Southern District of New York says the defendants created and operated a botnet that has infected more than 10 million internet-connected devices worldwide. The devices include TV streaming boxes, tablets, projectors and automotive infotainment systems, mainly running AOSP (Android Open Source Project) and not protected by Google Play Protect.
The malware either came preinstalled on the devices (via a supply chain attack) or was downloaded through misleading applications. Once infected, the devices connect to a command and control (C2) server, giving the threat actors remote control.
Residential proxy and advertising fraud
The 25 people named in the complaint allegedly used the botnet to provide residential proxies and to commit advertising fraud and click fraud. Google says they sold access to infected devices as residential proxies, hiding the identity of buyers and allowing them to commit crimes of their own: account takeover, credential theft, DDoS attacks, etc.
The defendants also used the devices to generate fake ad impressions and clicks, launch hidden browsers to interact with advertising sites, and deploy “evil” applications that imitate legitimate applications, deceiving users and advertising platforms.
The advertising fraud part is particularly troubling for Google, it seems. The company claims that it is forced to pay for fraudulent advertising traffic and to spend resources investigating and mitigating the botnet. It also argues that the botnet is undermining confidence in the Google platform, eroding its reputation, which also leads to less profit.
Unfortunately, the chances that China identifies and extradites these individuals are almost nil. The country rarely cooperates with the United States on cybersecurity, because the two countries are considered to be adversaries, frequently exchanging blows in cyberspace.
Via The Register