- FBI warns Badbox 2.0 malware has infected over one million devices
- Cheap, Chinese-made, Android-powered devices are often the victims
- Devices were hijacked to become part of a global botnet
Over a million devices have been infected by a dangerous malware strain that has turned them into malicious proxies, the FBI has warned.
In a new alert, the agency called on users to be on their guard against Badbox 2.0, a malware threat targeting Android-powered devices, often manufactured in China.
The FBI warns that devices such as smart TVs, streaming boxes, projectors, tablets and other Internet of Things (IoT) devices are all at risk of being converted into residential proxies that are then used for malicious activity.
Badbox 2.0 Malware Warning
“Badbox 2.0 Botnet consists of millions of infected devices and maintains several back doors for proxy services used by cyber criminals by either selling or giving free access to compromised home metrics to be used for various criminal activities,” the FBI warning states.
It noted that the malware is often preloaded on affected devices, but it can also be delivered through firmware updates and through malicious Android applications that have managed to get onto Google Play and third-party app stores.
“Cyber criminals get unauthorized access to home networks by either configuring the product with malicious software before users buy it or infecting the device as it downloads required applications containing back doors, usually during the setup process,” the FBI explained.
“When these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the Badbox 2.0 botnet and residential proxy services known to be used for malicious activity.”
It added that the malware is also able to load and click on ads without users being aware, generating revenue for the hackers, and to access victims’ accounts using stolen credentials.
The FBI has warned users to monitor their devices carefully and make sure all their IoT devices come from a reputable source. Users are also instructed not to download apps from unauthorized app stores, and to make sure their software and firmware are kept up to date.
The original Badbox malware was detected in 2023, with a similar mode of operation targeting cheap, unbranded Android TV boxes.
The botnet was successfully disrupted by German authorities back in December 2024, but this does not appear to have deterred the hackers, who have managed to grow the network across the globe, which led to its reclassification as Badbox 2.0.
Badbox 2.0 was first flagged in early 2025 by cybersecurity experts from HUMAN’s Satori Threat Intelligence team, which, along with several partners, removed dozens of malicious apps from the Play Store, banned their developers and sinkholed communications for hundreds of thousands of infected devices.



