
Latest news with #BADBOX2.0

BADBOX 2.0 Botnet alert: FBI warns smart TVs, digital device may have exploit

Yahoo | 11 hours ago

The Brief

Cyber criminals are exploiting IoT devices in homes to create a botnet called BADBOX 2.0, enabling illegal online activities. Most compromised devices are manufactured in China and become infected either pre-loaded with malware or during app downloads containing hidden backdoors. The FBI advises the public to assess and disconnect suspicious IoT devices, avoid unofficial app sources, and report potential victimization to the Internet Crime Complaint Center.

WASHINGTON - The Federal Bureau of Investigation issued a public alert on Thursday, cautioning Americans about cyber criminals who are exploiting internet-connected devices in homes to conduct illegal activities through a network known as the BADBOX 2.0 botnet.

What we know

According to the FBI, criminals are gaining unauthorized access to home networks by targeting Internet of Things (IoT) devices such as TV streaming boxes, digital projectors, digital picture frames, and aftermarket vehicle infotainment systems. Most of these compromised devices are manufactured in China and are either pre-loaded with malicious software or become infected during setup when users download apps containing hidden backdoors.

Dig deeper

Once compromised, these devices become part of BADBOX 2.0, a botnet comprising millions of infected systems used to access residential proxy services, often without the knowledge of consumers. The FBI noted that BADBOX 2.0 is the successor to the original BADBOX campaign, which was disrupted in 2024 after being discovered in 2023. The initial version primarily targeted Android devices compromised with backdoor malware prior to purchase. The updated campaign now also infects devices via unofficial app marketplaces.

Why you should care

Cyber criminals utilize these infected devices to sell or offer free access to compromised home networks, enabling a wide range of illegal online activities. The FBI listed several signs that may indicate a device is compromised, including the presence of unofficial app marketplaces, devices requiring Google Play Protect to be disabled, streaming devices advertised as "unlocked" or able to access free content, unknown or unverified device brands, Android devices that are not Play Protect certified, and unexplained or suspicious internet traffic.

What you can do

The FBI is urging the public to assess all IoT devices connected to their home networks and consider disconnecting any device that appears suspicious. Officials also advise consumers to avoid downloading apps from unofficial sources, keep software updated, monitor network activity, and prioritize patching any known vulnerabilities. The agency acknowledged contributions from Google, Human Security, Trend Micro, and the Shadowserver Foundation in preparing the alert. Anyone who believes they may have been a victim is urged to file a report with the FBI's Internet Crime Complaint Center.

The Source

The details in this article were provided by the FBI.

Apollo Exposed: What 400M Fake Ad Requests Reveal About Fraud

Forbes (Business) | 17-04-2025

Audio advertising is booming. With programmatic audio spend projected to surpass $2 billion in 2025, it's become one of the most promising—and vulnerable—channels in digital media. Where innovation leads, cybercrime follows. And the recent Apollo operation uncovered by HUMAN and The Trade Desk is a case study in just how sophisticated, and damaging, that fraud can be.

At its peak, Apollo accounted for 400 million fraudulent bid requests per day, making it the largest audio-related ad fraud scheme ever detected. But what makes Apollo especially troubling isn't just the scale—it's how convincingly it mimicked legitimate traffic, exploited supply chain blind spots, and leveraged malware-infected CTV devices to obscure its origin.

I spoke with Will Herbig, senior director for AdTech Fraud Research & Strategic Customer Analytics at HUMAN, about the research. He explained that Apollo preyed on a fundamental weakness in server-side ad insertion (SSAI), the technology used to serve seamless audio and video ads without interrupting the user experience. With SSAI, advertisers receive limited telemetry—often just a user-agent string and an IP address—making it an ideal environment for spoofing.

Fraudsters behind Apollo reverse-engineered the ad request flows of legitimate apps, replicating their formats to impersonate real audio ad inventory. They even spoofed apps that shouldn't have been serving audio at all. 'One of the things that sparked this investigation was the question of, why are puzzle apps serving audio ads?' Herbig told me. 'At least in my experience, it's uncommon that a puzzle app or something like that is going to serve an audio ad.' It was a subtle anomaly—but it set off a cascade of deeper analysis that ultimately exposed Apollo's intricate fabrication tactics.

Apollo's traffic wasn't generated by infected devices in the traditional sense. Instead, bid requests were fabricated wholesale—generated by script, spoofed to resemble real devices, and funneled through residential proxies to mask their true data center origins. Herbig emphasized that the scale at which Apollo operated generated traffic equivalent to that of a mid-sized city like Stamford, Connecticut. That scale was achieved in part thanks to BADBOX 2.0, a botnet of over a million compromised connected TV devices. Apollo traffickers leveraged BADBOX to route requests through residential IPs, making the traffic appear legitimate and difficult to trace. HUMAN had previously disrupted BADBOX, but its infrastructure was clearly still being exploited. By layering spoofed app identities, forged device configurations, and residential proxy evasion, Apollo's operators built a fraud operation that slipped through many traditional defenses.

The real damage, however, was in how Apollo exploited programmatic advertising's fragmented supply chain. Many platforms only validate the final seller in a transaction—a check that Apollo often passed. But those 'authorized' sellers were frequently several layers removed from the spoofed origin. 'There can be non-compliance in earlier parts of the supply chain, and then as you get to later parts, things look valid,' Herbig said. 'Many implementations of these supply chain standards are only checking the last place that came from, so everything that happened before that is kind of out of scope.'

This phenomenon—what HUMAN refers to as 'supply chain convergence'—allows spoofed inventory to piggyback on authorized reseller pathways, creating a false sense of legitimacy. It's a loophole that remains dangerously under-policed in today's real-time bidding ecosystem.

HUMAN didn't just uncover Apollo—they helped dismantle it. Leveraging a predictive pre-bid scoring engine and an aggressive response strategy, the company saw a 99% reduction in Apollo-associated traffic across its platform. 'We are effectively demonetizing this supply,' Herbig said. 'By reducing the amount of bids that this inventory is getting… we're making it harder and harder for fraudsters to profit.'

The broader goal, Herbig explained, is to make ad fraud uneconomical at scale. Each operation disrupted increases the operational cost for cybercriminals. Every layer of complexity—whether it's a disrupted proxy network, stricter supply chain checks, or tighter SDK enforcement—raises the barrier to entry.

One of the strongest weapons against operations like Apollo isn't just technology—it's collaboration. HUMAN has leaned heavily into this strategy through its Human Collective, a multi-stakeholder initiative aimed at threat sharing and collective protection. According to Herbig, 'One of the great things we're doing is threat sharing. When we are observing concentrations of IBT, we are discussing that with the Human Collective, and we're using it as a forum for collaboration and a forum for discussion.'

By sharing intelligence, surfacing patterns, and coordinating responses, HUMAN and its partners are creating a ripple effect across the programmatic ecosystem. The goal isn't to eliminate fraud entirely—it's to tip the cost-benefit equation against the fraudsters. As Herbig put it, 'We're trying to disrupt the economics of cybercrime… to the point that it becomes not worth it.'

Apollo is a milestone—not just in the scope of audio ad fraud, but in how the industry responds to it. The findings call for stronger adoption of third-party verification tools like the Open Measurement SDK, more rigorous end-to-end supply path validation, and above all, tighter industry-wide collaboration. Audio may be one of the newest frontiers in ad fraud, but it doesn't have to be the most vulnerable. With vigilance, transparency, and cooperation, the industry has a fighting chance to turn down the noise and restore trust in programmatic audio.
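The "supply chain convergence" gap Herbig describes (validating only the last seller, so a chain that was spoofed upstream still looks valid) can be shown side by side with an end-to-end path check. This is an added illustration, not code from HUMAN or the article; the seller IDs, domains, authorized-seller records and both bid chains are constructed, and the record format is a simplified assumption rather than any real sellers-list standard.

```python
# Constructed authorized-seller records (assumed format, not a real standard):
# for each intermediary domain, the seller IDs it may use and the upstream
# domains it is allowed to accept inventory from.
AUTHORIZED = {
    "ssp-a.example":      {"sellers": {"ssp-a-101"}, "accepts_from": {"publisher.example"}},
    "reseller-b.example": {"sellers": {"res-b-7"},   "accepts_from": {"ssp-a.example"}},
    "exchange-c.example": {"sellers": {"exc-c-42"},  "accepts_from": {"reseller-b.example"}},
}

def hop_is_authorized(hop, upstream_domain):
    """A hop is valid only if its seller ID is authorized for its domain AND
    the hop before it is a source that domain is allowed to accept from."""
    record = AUTHORIZED.get(hop["domain"])
    if record is None or hop["seller_id"] not in record["sellers"]:
        return False
    return upstream_domain in record["accepts_from"]

def validate_last_hop(chain):
    """The weak check the article describes: only the final seller is examined."""
    upstream = chain[-2]["domain"] if len(chain) > 1 else None
    return hop_is_authorized(chain[-1], upstream)

def validate_full_path(chain):
    """End-to-end check: every hop, from the declared origin onward, must be
    authorized and must have received the inventory from an accepted source."""
    upstream = chain[0]["domain"]  # declared origin (publisher or app)
    for hop in chain[1:]:
        if not hop_is_authorized(hop, upstream):
            return False
        upstream = hop["domain"]
    return True

# Constructed chains. The spoofed chain injects inventory at a reseller that
# does not accept from that origin, yet still ends at a fully valid exchange.
LEGIT_CHAIN = [
    {"domain": "publisher.example",  "seller_id": None},
    {"domain": "ssp-a.example",      "seller_id": "ssp-a-101"},
    {"domain": "reseller-b.example", "seller_id": "res-b-7"},
    {"domain": "exchange-c.example", "seller_id": "exc-c-42"},
]
SPOOFED_CHAIN = [
    {"domain": "fake-origin.example", "seller_id": None},
    {"domain": "reseller-b.example",  "seller_id": "res-b-7"},
    {"domain": "exchange-c.example",  "seller_id": "exc-c-42"},
]

if __name__ == "__main__":
    for name, chain in (("legit", LEGIT_CHAIN), ("spoofed", SPOOFED_CHAIN)):
        print(name, "last-hop:", validate_last_hop(chain), "full-path:", validate_full_path(chain))
```

Run stand-alone, the spoofed chain passes the last-hop check and fails only the full-path check, which is the convergence blind spot in one line of output.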
