FBI alerts the public that the BADBOX 2.0 botnet is being used by cybercriminals to target internet-connected devices in home environments.
BADBOX 2.0 surfaced several months ago following the 2024 disruption of the original BADBOX campaign. Human Security’s Satori team, in collaboration with Google, Trend Micro, and Shadowserver, helped partially dismantle the vast network — the biggest CTV botnet discovered to date.
In 2023, BADBOX was found infecting Android devices with malware hidden in their firmware, making them vulnerable before users even turned them on.
In addition to being preloaded on several devices, BADBOX 2.0 spreads through malicious apps downloaded from unofficial marketplaces. the FBI’s alert didn’t list any brands, but Human Security noted that affected devices include non-certified Android Open Source Project products built in China.
"The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," the FBI wrote in yesterday's announcement.
Potential signs of BADBOX 2.0 include unexpected internet spikes, Android devices lacking Play Protect certification, and unknown-brand IoT products that ask users to disable security settings. to reduce risk, the FBI advises regular updates, avoiding untrusted app sources, and monitoring network activity and connected devices.
