Badbox 2.0 malware is infecting a million Android devices right now

The Badbox 2.0 scheme is bigger and far worse than what we saw in 2023, says expert

by Kerem Gülen
March 7, 2025
in Cybersecurity, News

Human Security’s Satori research team has reported the resurgence of the Badbox botnet, now powered by up to a million infected Android devices. This variant of the remote-controllable Badbox malware has been identified in various off-brand hardware, including cheap Android phones, connected TV boxes, tablets, and digital projectors.

Badbox botnet resurfaces, infecting one million Android devices worldwide

The initial outbreak of Badbox occurred in 2023, involving off-brand Android-powered internet-connected TV devices that participated in a large ad-fraud scheme named Peachpit, with approximately 74,000 devices involved in the first cluster. Badbox 2.0 targets devices running the Android Open Source Project (AOSP) and has now spread to about a million devices across over 220 countries.

Gavin Reid, CISO of Human Security, explained that the botnet’s operators often tamper with the supply chain by purchasing inexpensive hardware, rebadging it, and embedding malicious code into firmware or popular apps, which are then sold to consumers. More than 200 apps containing malware associated with the botnet have been discovered, mainly hosted on third-party Android app stores, often replicating legitimate applications from the Google Play Store to deceive users into downloading them.

“The Badbox 2.0 scheme is bigger and far worse than what we saw in 2023,” Reid stated, highlighting the increase in device types targeted and the complexity of the fraud mechanisms employed. The network has produced traffic from 222 countries and territories since the botnet’s resurgence last autumn.

The monetization of this botnet involves hidden ad views and ad-click fraud, disguised effectively to evade detection. Lindsay Kaye, vice president of threat intelligence at Human Security, noted that the operators of the botnet conceal their fraudulent intentions by interspersing real traffic with illicit activities from infected households, making detection by ad networks significantly more challenging.

Besides ad fraud, the malware also poses risks such as password theft and potential for denial-of-service attacks. At its peak, Badbox 2.0 infected nearly a million devices, but this number has been reduced by half due to efforts from Human Security, Google, Trend Micro, and Shadowserver Foundation, who identified and shut down several command-and-control servers managing the botnet.

Kaye indicated that the malware was caught in its developmental phase, with many modules labeled “test.” Despite this, there are concerns that the botnet could be revived, as happened after the original Badbox network was discovered. Devices affected by Badbox 2.0 are primarily manufactured in China, with some reportedly used in public schools in the U.S.

In December 2024, Germany’s BSI initiated a disruption campaign that sinkholed the communications of over 30,000 infected devices with their command-and-control servers, but soon uncovered another, larger group of over 190,000 devices. The Badbox 2.0 operation exploits supply chain weaknesses: backdoored devices receive malicious code either when they are activated or when users download from third-party marketplaces.

The identified threat actors include the SalesTracker Group, MoYu Group, Lemon Group, and LongTV, indicating collaborative efforts among distinct malicious actors, pooling resources to enhance the fraud operation.

To mitigate the threat, ad fraud prevention measures were put in place, and Google’s Play Protect added detection for Badbox-associated behaviors. The operators remain a persistent threat, as they are likely to adapt and rebuild their attack infrastructure.

Users are advised to remain vigilant, especially against certain malicious applications such as ‘Earn Extra Income’ and ‘Pregnancy Ovulation Calculator,’ which have been linked to the malware. Installing a robust security solution can further protect Android devices from the risks posed by the Badbox botnet.


Featured image credit: Kerem Gülen/Ideogram

Tags: Malware
