Latest news with #Badbox


The Irish Sun
21-07-2025
Over 10 million Android users told to turn off devices after Google exposes ‘infection’ – exact list of models affected
HOUSEHOLDS have been warned against buying cheap gadgets online that may come pre-installed with dangerous malware. As many as 10 million devices have been affected, according to a recent

TV set-top boxes, tablets and digital projectors being made in China have been found to be either susceptible to a malware known as BadBox 2.0, or have it already downloaded by the time it is shipped.

BadBox targets Android devices and has been found inside 24 apps on the Google Play Store, security researchers at MalwareBytes have said.

While those apps, and several BadBox servers, were removed as of March 2025, it remains one of the biggest malware threats to internet-connected TVs. The minute consumers set up the device, they open up a backdoor for criminals to access other devices in their home network.

Cyber criminals gain access either by installing malicious software prior to the user's purchase, or infecting the device as it downloads required applications during the set-up process.

Badbox can run advertising fraud, as well as more worrying attacks, such as ransomware, where users are often asked to pay a fee to stop data being leaked.

In its security warning, Google wrote: "The BadBox 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software (Android Open Source Project), which lacks Google's security protections.

"Cyber criminals infected these devices with preinstalled malware and exploited them to conduct large-scale ad fraud and other digital crimes."

The tech giant has now filed a lawsuit in the New York federal court against the crooks behind BadBox.

Some of the known devices that have been infected include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9.

It's unclear if these are the only affected TV boxes. Though tablets and digital projectors with unknown model numbers are still reportedly affected.

If you think you have purchased a cheap Android-powered set-top box - especially one mentioned above - it's important to check if it is Google Play Protect-certified.

Google Play Protect is Android's built-in malware and unwanted software protection, which the tech company has updated to automatically block BadBox-infected apps.

"While these actions kept our users and partners safe," according to Google. "This lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud."

The FBI has also issued an alert about the BadBox malware campaign, saying there may be more gadgets affected - including car infotainment systems.

"Cyber criminals gain unauthorised access to home networks through compromised IoT (internet of things) devices," the FBI wrote in an

WHAT TO LOOK OUT FOR

There are six signs that your digital gadgets may have been infected with BadBox 2.0 malware, according to the FBI. Possible indicators of BadBox 2.0 botnet activity include:

- The presence of suspicious marketplaces where apps are downloaded.
- Requiring Google Play Protect settings to be disabled.
- Generic TV streaming devices advertised as unlocked or capable of accessing free content.
- IoT devices advertised from unrecognizable brands.
- Android devices that are not Play Protect certified.
- Unexplained or suspicious Internet traffic.

Yahoo
19-06-2025
Is your smart home spying? FBI warns devices could be linked to crime
Cyber criminals have managed to gain unauthorized access to home networks by compromising at-home technology such as streaming devices and digital picture frames, the Federal Bureau of Investigation (FBI) said in a statement.

By leveraging Badbox, cyber criminals are able to access the at-home streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames, and more, the agency explained.

Criminals exploit Internet of Things (IoT) devices connected to home networks to conduct criminal activity, the statement reads. They do so by using the BadBox 2.0 botnet, which turns Android-based devices into a controlled network of infected machines. The malware typically spreads through hidden apps downloaded from unofficial stores, and is often pre-installed on cheaper devices.

'Most of the infected devices were manufactured in China,' the FBI said. 'Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process.'

Once these compromised devices are connected to home networks, they are susceptible to becoming part of the BadBox botnet and residential proxy services, according to the press release.

Possible indicators of BadBox activity include:

- The presence of suspicious marketplaces where apps are downloaded
- Requiring Google Play Protect settings to be disabled
- Generic TV streaming devices advertised as unlocked or capable of accessing free content
- Home devices advertised from unrecognizable brands
- Android devices that are not Play Protect certified
- Unexplained or suspicious internet traffic

'The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks,' the FBI said.

People can minimize exposure to unauthorized residential proxy networks by:

- Maintaining awareness and monitoring internet traffic of home networks
- Assessing all IoT devices connected to home networks for suspicious activity
- Avoiding downloading apps from unofficial marketplaces advertising free streaming content
- Keeping all operating systems, software and firmware up to date

Consumers who think they have been a victim of an intrusion can file a report with the FBI's Internet Crime Complaint Center (IC3).

Read the original article on MassLive.


Indian Express
06-06-2025
Badbox 2.0 malware spreads to more than 1 million Android devices, says FBI
The United States Federal Bureau of Investigation (FBI) has issued a warning saying that the Badbox 2.0 malware campaign has infected more than 1 million Android devices.

First discovered in early 2023 on a T95 Android TV box available on Amazon, the malware comes pre-installed with several Chinese-made unbranded Android-powered smart TVs, streaming boxes, tablets and other IoT devices. It was also noted that out of the 1.6 million devices the malware infected, several Android TVs were from known brands like Hisense and Yandex.

According to cybersecurity firm Bitsight, the majority of devices infected by Badbox were from countries like India, Russia, China, Brazil, Ukraine and Belarus.

Believed to belong to the Triada family of malware, the main goal of the Badbox botnet is financial gain via ad fraud and stealing credentials. The malware not only generates revenue for threat actors by clicking on ads in the background, but also attempts to steal accounts using stolen credentials. To mask its malicious activity, the Badbox botnet routes traffic through infected devices, making it harder to know where the data is being sent.

The Federal Office of Information Security (BSI), Germany, said that the malware also targeted devices with old firmware, such as streaming devices, media players and digital picture frames.

If your device is overheating, having performance issues like high CPU usage or a change in device settings, chances are it could be hosting the Badbox malware. And while most infected devices are tampered with at the supply chain level, some get infected via the installation of untrusted third-party apps.

Badbox 2.0 evolved from the original Badbox network, and over the years, has continued to spread despite international agencies cracking down on the botnet's network and operations.

Signs of infection include the system automatically installing shady app marketplaces, disabling Google Play Protect, or streaming devices having unlimited free access to content.

Last year, the German authorities had disrupted the malware's botnet network, but despite their attempts, a security researcher said in December that Badbox 'still seems to be very much alive and spreading.' A week after the crackdown, experts claimed that Badbox was still infecting more than 1,92,000 devices.

According to HUMAN's Satori Threat Intelligence, the malware had managed to infect more than 1 million consumer devices by March 2025. Infecting more than 222 countries and territories worldwide, these infected devices are not running on Android TV OS but are based on the Android Open Source Project (AOSP), which is not certified by Google Play Protect. The FBI also said that these devices are manufactured in mainland China and shipped worldwide.