Badbox 2.0 malware spreads to more than 1 million Android devices, says FBI
The United States Federal Bureau of Investigation (FBI) has issued a warning saying that the Badbox 2.0 malware campaign has infected more than 1 million Android devices. First discovered in early 2023 on a T95 Android TV box available on Amazon, the malware comes pre-installed with several Chinese-made unbranded Android-powered smart TVs, streaming boxes, tablets and other IoT devices.
It was also noted that out of the 1.6 million devices the malware infected, several Android TVs were from known brands like Hisense and Yandex. According to cybersecurity firm Bitsight, the majority of devices infected by Badbox were from countries like India, Russia, China, Brazil, Ukraine and Belarus.
Believed to belong to the Triada family of malware, the main goal of the Badbox botnet is financial gain via ad fraud and stealing credentials. The malware not only generates revenue for threat actors by clicking on ads in the background, but also attempts to steal accounts using stolen credentials.
To mask its malicious activity, the Badbox botnet routes traffic through infected devices, making it harder to know where the data is being sent. The Federal Office of Information Security (BSI), Germany, said that the malware also targeted devices with old firmware, such as streaming devices, media players and digital picture frames.
If your device is overheating, having performance issues like high CPU usage or a change in device settings, chances are it could be hosting the Badbox malware. And while most infected devices are tampered with at the supply chain level, some get infected via the installation of untrusted third-party apps.
Badbox 2.0 evolved from the original Badbox network, and over the years, has continued to spread despite international agencies cracking down on the botnet's network and operations. Signs of infection include the system automatically installing shady app marketplaces, disabling Google Play Protect, or streaming devices having unlimited free access to content.
Last year, the German authorities had disrupted the malware's botnet network, but despite their attempts, a security researcher said in December that Badbox 'still seems to be very much alive and spreading.' A week after the crackdown, experts claimed that Badbox was still infecting more than 1,92,000 devices.
According to HUMAN's Satori Threat Intelligence, the malware had managed to infect more than 1 million consumer devices by March 2025. Infecting more than 222 countries and territories worldwide, these infected devices are not running on Android TV OS but are based on the Android Open Source Project (AOSP), which is not certified by Google Play Protect. The FBI also said that these devices are manufactured in mainland China and shipped worldwide.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Indian Express
an hour ago
- Indian Express
Clashes resume for second day in Los Angeles as immigration raids draw new protests
For the second consecutive day, federal agents faced off against demonstrators in the Los Angeles area on Saturday and tear gas and flash bangs were used to disperse the crowd over immigration activity, which even prompted a senior White House official to call the protests a 'violent insurrection.' Top officials of US President Donald Trump's administration have warned to prosecute anyone who interferes with the enforcement of immigration laws. Border Patrol personnel in riot gear were seen outside an industrial park in Paramount city, and deployed tear gas as protesters gathered across the street. Some of the protesters jeered at the personnel while recording the event. A woman was heard saying through the megaphone, 'ICE out of Paramount. We see you for what you are, you are not welcome here.' Another handheld sign stated, 'No Human Being is Illegal.' A message to the LA rioters: you will not stop us or slow us down. @ICEgov will continue to enforce the law. And if you lay a hand on a law enforcement officer, you will be prosecuted to the fullest extent of the law. — Secretary Kristi Noem (@Sec_Noem) June 7, 2025 The security agents remained in a tense situation with protesters as some showed Mexican flags and others covered their mouths with respiratory masks. The Right to assemble and protest does not include a license to attack law enforcement officers, or to impede and obstruct our lawful immigration operations. We are thoroughly reviewing the evidence from yesterday's incident in Los Angeles and we are working with the US… — Dan Bongino (@FBIDDBongino) June 7, 2025 The FBI has taken over the investigation of instances of demonstrators obstructing immigration enforcement operations in Los Angeles on Friday and Saturday, with FBI's Deputy Director Dan Bongino confirming on X 'We are thoroughly reviewing the evidence from yesterday's incident in Los Angeles and we are working with the US Attorney's Office to ensure the perpetrators are brought to justice.' The head of Department of Homeland Security, Kristi Noem, in a post on X said 'A message to the LA rioters: you will not stop us or slow us down.' Trump's border czar Tom Homan told Fox News that National Guards would be deployed in the Los Angeles area on Saturday evening. A first round of protests triggered on Friday in Los Angeles after Immigration and Customs Enforcement (ICE) agents carried out immigration enforcement operations in the city and arrested 44 people on alleged immigration violations. A tense scene unfolded outside the area as a crowd tried to block agents from driving away.
Hindustan Times
2 hours ago
- Hindustan Times
Centre gives nod for weapons that outgun Pakistan's arsenal
Even as national security planners and military chiefs celebrated one month of Operation Sindoor on Saturday evening, HT learns that the defence ministry has given the green signal to the three services to replenish inventory with longer-range loitering ammunition, artillery shells, kamikaze drones and beyond-visual-range air-to-air missiles that out-range the Chinese missiles used by Pakistan during the four day high intensity skirmish. According to people familiar with the matter and on the basis of action taken reports and damage assessment undertaken by the three services, there is digital evidence to conclude that the Indian Air Force (IAF) fighters, surface-to-air missile batteries and S-400 air defence system downed four Pakistani Chinese-made fighter jets and two big aircraft (possibly one C-130 J and one SAAB 2000 airborne early warning system) during Operation Sindoor. There are also indications, the people added, that two F-16 fighter aircraft may have been partly damaged during the IAF's missile assault on 11 airbases, including those at Sargodha, Rafiqui, Jacobabad and Nur Khan (Chaklala, Rawalpindi). The reports indicate that India's Rafale fighters, S-400 missile systems and M777 howitzers acquitted themselves well during the four-day conflict with the Russian air defence system taking three enemy aircraft. They also show that India destroyed one Chinese LY-80 fire radar, two AN TPQ-43 US-made automatic tracking radar and one fire unit of Chinese HQ-9 radar at Chaklala during the retaliatory strike on May 10. Intelligence inputs now suggest that Pakistan has four HQ-9 (the Chinese equivalent of the Russian S-300 air defence radars) instead of two originally estimated by national security planners. The Pakistani military used the Chinese version of PL -15 air to air missile which has a range of 180 are also inputs that the Pakistanis, by mixing two fire units of 250-km range HQ 9 air defence system with two other 150-km range systems at Chaklala and Malir cantonment near Karachi, respectively, may have tried to catch the Indian Air Force by surprise. The Action Taken Reports also show that IAF fired 19 BrahMos supersonic cruise missiles on Pakistan air bases and almost an equal number of French SCALP subsonic cruise missiles. The Pakistanis, in turn, fired CM-400 AKG air-launched supersonic missiles at Indian air bases using Chinese JF-17 fighters but these failed to do any damage. The Turkish built YIHA loitering ammunition that Pakistanis fired in large numbers were either jammed by the Indian electronic warfare suite, missed their targets, or were taken down by India's robust air defence system. Even the FATAH-1 rockets fired by Pakistan were either off the mark or were intercepted by the Indian air defence systems. HT learns that there is now adequate evidence that India's first counter-terror strike on May 7 was a success as Markaz-e-Taiba (the LeT headquarters at Muridke) was hit by four to five Crystal Maze missiles, which show a small entry point but damage the facility within. The Jaish-e-Mohammed facility at Markaz-e-Subhan Allah was hit by 6 SCALP missiles launched from Rafale fighters and totally destroyed the terror factory through pin-pointed strike using bunker busting techniques. The US-made Excalibur ammunition used by M-777 howitzers of the Indian Army destroyed the tier 2 defences of the Pakistan Army across the LoC as did India's Polish-made loitering extended range ammunition. The Indian Air Force and Indian Navy used Israeli loitering ammunition to destroy terror camps in Occupied Kashmir on May 7. Between the launch of the operation in the early hours of May 7 and the ceasefire on the evening of May 10, Indian forces bombed nine terror camps in Pakistan and PoK and killed at least 100 terrorists, and the Indian Air Force struck targets at 13 Pakistani air bases and military installations. On Tuesday, it emerged that India's targeting of locations within Pakistan during the May 7-10 clash was more extensive than was previously known, with a Pakistani document acknowledging that Indian drones had struck locations ranging from Peshawar in the northwest to Hyderabad in the south. Pakistan's Operation Bunyan-ul-Marsoos, which was mounted in response to Operation Sindoor, 'folded in eight hours' on May 10 belying Islamabad's ambitious target of bringing India to its knees in 48 hours, chief of defence staff General Anil Chauhan said on Tuesday. The action taken reports as well as the immediate emphasis on replenishment suggest that the Indian forces are aware, as Prime Minister Narendra Modi has repeatedly said, that Operation Sindoor isn't over.
New Indian Express
4 hours ago
- New Indian Express
Global Smartwatch Shipments decline 2% in Q1 2025; Apple leads amid rising Chinese brands
The global smartwatch market saw a 2% year-over-year (YoY) decline in shipments during the first quarter of 2025, signaling a period of stabilization after years of rapid growth. According to the counterpoint research, despite the dip, Apple retained its position as the market leader, capturing 20% of global shipments. It was followed by Huawei with 16% and Xiaomi with 10%, both of which showed significant growth. Apple slips as Chinese brands accelerate Among the top 10 smartwatch brands, Huawei and Xiaomi registered the fastest YoY growth, driven by strong domestic demand and expansion in emerging markets. Apple, on the other hand, experienced a 9% YoY decline, primarily due to waning consumer interest. Industry analysts point to the lack of significant innovations in recent Apple Watch models as a key factor, with many users opting to hold off on upgrades. Apple's market share has also seen notable fluctuations over recent quarters. While it led with 31% share in Q4 2023, its share dropped to 20% in Q1 2025, reflecting a seasonal slowdown and intensifying competition. The 'Others' category — encompassing all non-Apple brands — accounted for 80% of the market in Q1 2025, underscoring the growing diversity of options available to consumers. China emerged as the top contributor to global smartwatch shipments this quarter, accounting for 29% of total volume. The country also recorded the highest YoY shipment growth at 40%, fueled by robust performance from Huawei, BBK (Imoo), and Xiaomi. This surge highlights China's role as both a major manufacturing hub and a fast-growing consumer market for wearables. In North America, High-Level Operating System (HLOS) smartwatches dominated with an 84% share, led by Apple, Samsung, and Garmin. The region continues to favor feature-rich smartwatches over basic fitness trackers, driven by health monitoring and connectivity features. As the smartwatch market matures, brands are expected to focus more on innovation, pricing strategies, and regional customization to sustain growth and consumer Kumar @ New Delhi The global smartwatch market saw a 2% year-over-year (YoY) decline in shipments during the first quarter of 2025, signaling a period of stabilization after years of rapid growth. According to the counterpoint research, despite the dip, Apple retained its position as the market leader, capturing 20% of global shipments. It was followed by Huawei with 16% and Xiaomi with 10%, both of which showed significant growth. Apple slips as Chinese brands accelerate Among the top 10 smartwatch brands, Huawei and Xiaomi registered the fastest YoY growth, driven by strong domestic demand and expansion in emerging markets. Apple, on the other hand, experienced a 9% YoY decline, primarily due to waning consumer interest. Industry analysts point to the lack of significant innovations in recent Apple Watch models as a key factor, with many users opting to hold off on upgrades. Apple's market share has also seen notable fluctuations over recent quarters. While it led with 31% share in Q4 2023, its share dropped to 20% in Q1 2025, reflecting a seasonal slowdown and intensifying competition. The 'Others' category — encompassing all non-Apple brands — accounted for 80% of the market in Q1 2025, underscoring the growing diversity of options available to consumers. China emerged as the top contributor to global smartwatch shipments this quarter, accounting for 29% of total volume. The country also recorded the highest YoY shipment growth at 40%, fueled by robust performance from Huawei, BBK (Imoo), and Xiaomi. This surge highlights China's role as both a major manufacturing hub and a fast-growing consumer market for wearables. In North America, High-Level Operating System (HLOS) smartwatches dominated with an 84% share, led by Apple, Samsung, and Garmin. The region continues to favor feature-rich smartwatches over basic fitness trackers, driven by health monitoring and connectivity features. As the smartwatch market matures, brands are expected to focus more on innovation, pricing strategies, and regional customization to sustain growth and consumer interest.
