Over 10 million Android users told to turn off devices after Google exposes ‘infection' – exact list of models affected

The Sun

5 days ago

HOUSEHOLDS have been warned against buying cheap gadgets online that may come pre-installed with dangerous malware.
As many as 10 million devices have been affected, according to a recent security warning from Google.
3
TV set-top boxes, tablets and digital projectors being made in China have been found to be either susceptible to a malware known as BadBox 2.0, or have it already downloaded by the time it is shipped.
BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at MalwareBytes have said.
While those apps, and several BadBox servers, were removed as of March 2025, it remains one of the biggest malware threats to internet-connected TVs.
The minute consumers set up the device, they open up a backdoor for criminals to access other devices in their home network.
Cyber criminals gain access either by installing malicious software prior to the users purchase, or infecting the device as it downloads required applications during the set-up process.
Badbox can run advertising fraud, as well as more worrying attacks, such as ransomware, where users are often asked to pay a fee to stop data being leaked.
In its security warning, Google wrote: "The BadBox 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections.
3
"Cyber criminals infected these devices with preinstalled malware and exploited them to conduct large-scale ad fraud and other digital crimes."
The tech giant has now filed a lawsuit in the New York federal court against the crooks behind BadBox.
Some of the known devices that have been infected include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9.
It's unclear if these are the only affected TV boxes.
Though tablets and digital projectors with unknown model numbers are still reportedly affected.
If you think you have purchased a cheap Android-powered set-top box - especially one mentioned above - it's important to check if it Google Play Protect-certified.
Google Play Protect is Android's built-in malware and unwanted software protection, which the tech company has updated to automatically block BadBox-infected apps.
"While these actions kept our users and partners safe," according to Google. "This lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud."
The FBI has also issued an alert about the BadBox malware campaign, saying there may be more gadgets affected.
"Cyber criminals gain unauthorised access to home networks through compromised IoT (internet of things) devices," the FBI wrote in an alert. "Such as TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products."
WHAT TO LOOK OUT FOR
There are six signs that your digital gadgets may have been infected with BadBox 2.0 malware, according to the FBI:
Possible indicators of BadBox 2.0 botnet activity include:
The presence of suspicious marketplaces where apps are downloaded.
Requiring Google Play protect settings to be disabled.
Generic TV streaming devices advertised as unlocked or capable of accessing free content.
IoT devices advertised from unrecognizable brands.
Android devices that are not Play Protect certified.
Unexplained or suspicious Internet traffic.
Image credit: Getty