Summary: The BADBOX 2.0 scheme involves at least four distinct threat actors running a large-scale ad fraud and residential proxy operation that turns compromised consumer devices into a massive botnet. The fraud ring targets inexpensive Android devices worldwide and monetizes the infected devices through ad fraud, residential proxy abuse, and other forms of cybercrime, causing significant financial damage. The operation has been partially disrupted, including by Google removing compromised apps from the Play Store.
Affected: Consumer devices, including Android tablets, connected TV boxes, and digital projectors globally
Key points:
- BADBOX 2.0 is described as the largest botnet of infected connected TV devices ever uncovered.
- Infected devices are primarily low-cost Android devices manufactured in mainland China, with notable infections in Brazil, the U.S., and Mexico.
- The operation uses a backdoor malware called BB2DOOR propagated through various means, including pre-installed software and trojanized apps.
- Four threat groups are identified: SalesTracker Group, MoYu Group, Lemon Group, and LongTV, with connections to ad fraud and residential proxy services.
- Recent efforts to disrupt the operation include the sinkholing of bad domains and the removal of malicious apps by Google.
Source: https://thehackernews.com/2025/03/badbox-20-botnet-infects-1-million.html