FBI warning to 10 million Android users – Disconnect your devices now


Update, July 26, 2025: This story, initially published on July 25, was updated with a statement from the researchers who originally disclosed and disrupted the Badbox 2.0 operation that the FBI and Google are now taking on head-on.

In March, I noted that one of the largest botnets of its kind ever detected had impacted a million Android devices. That massive attack was known as Badbox, but it has now been overshadowed by Badbox 2.0, with at least 10 million infected Android devices. Google has taken steps to protect users as far as possible, including launching legal action against the attackers, and the FBI has urged affected users to disconnect their internet-connected devices. Here’s what you need to know.


The FBI, Google and others warn of Android Badbox 2.0 attacks

FBI cybersecurity alert I-060525-PSA could not have been clearer: the current attacks target streaming devices, digital picture frames, third-party aftermarket car infotainment systems and other similar smart devices. The devices, all low-cost and uncertified, mostly from China, give attackers access to your home network and beyond, the FBI warned, because the attackers “configure the product with malware before the user purchases it”. It also noted, however, that the “software updates” required during the setup process can also install a malicious backdoor.

Point Wild’s Lat61 threat intelligence team ingested the Badbox 2.0 infection chain and, as a result, discovered new indicators of compromise that have been shared with incident response teams worldwide, as well as with law enforcement. “This Android-based malware is preinstalled in the firmware of low-cost IoT devices, smart TVs, TV boxes, tablets, even before they leave the factory,” said Kiran Gaikwad of the Lat61 team. “This silently turns them into residential proxy nodes for criminal operations like click fraud, credential theft and covert command and control (C2).”

Google, meanwhile, confirmed in a July 17 statement that it had “filed a complaint in federal court in New York against the botnet’s perpetrators”. Google also said that it had “updated Google Play Protect, Android’s built-in malware and unwanted-software protection, to automatically block apps associated with Badbox”.


HUMAN Security behind the initial disclosure and disruption of Badbox 2.0

HUMAN Security, whose Satori Threat Intelligence and Research team originally disclosed and disrupted the Badbox 2.0 threat campaign, said at the time that researchers believed “several groups of threat actors participated in Badbox 2.0, each contributing to specific parts of the underlying infrastructure or to the fraud modules that monetize infected devices, including programmatic ad fraud, click fraud, proxyjacking, and the creation and operation of a botnet across 222 countries and territories.” If nothing else, this gives some context to the scale of the campaign.

Now Stu Solomon, CEO of HUMAN Security, has published the following statement: “We applaud Google’s decisive action against the cybercriminals behind the Badbox 2.0 botnet that our team discovered. This takedown marks a significant step in the ongoing battle against sophisticated fraud operations. Disrupting cybercrime at scale, and this effort illustrates the power of collective defense.”


FBI recommendations and mitigations – Disconnect your devices now

The FBI has recommended that Android users look for a number of potential signs that a Chinese-made smart device could be infected with Badbox 2.0 malware.

  • Any requirement that Google Play Protect services be disabled.
  • Any streaming device advertised as fully unlocked or able to deliver completely free content.
  • Any device from an unrecognized brand.
  • The use of unknown or unofficial app marketplaces from which software must be downloaded during setup.
  • Any unexplained or suspicious internet traffic.

Regarding mitigation, the advice is simple: users should “consider disconnecting suspicious devices from their networks,” the FBI said.
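The last indicator, unexplained traffic, is the one a home user can actually measure, and a device acting as a residential proxy node looks different from a streaming box that just pulls video. The following added example (not from the article, the FBI alert or any of the vendors named) scores per-device traffic summaries with two heuristics: many distinct remote hosts, and roughly symmetric upload/download volume. The flow records and the thresholds are constructed assumptions, not values from the alert.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed sample flows: (device, remote_ip, bytes_out, bytes_in). The
# "tv-box-01" rows imitate a relay node talking to many hosts with similar
# volumes in both directions; "phone-01" imitates ordinary browsing/streaming.
SAMPLE_FLOWS = [("tv-box-01", f"203.0.113.{i}", 60_000, 55_000) for i in range(1, 31)]
SAMPLE_FLOWS += [("phone-01", f"198.51.100.{i}", 40_000, 1_800_000) for i in range(1, 6)]


@dataclass
class DeviceStats:
    flows: int = 0
    dests: set = field(default_factory=set)
    bytes_out: int = 0
    bytes_in: int = 0


def summarise(flows):
    """Aggregate flow records per device (distinct remote hosts, byte totals)."""
    stats = defaultdict(DeviceStats)
    for dev, ip, out_b, in_b in flows:
        s = stats[dev]
        s.flows += 1
        s.dests.add(ip)
        s.bytes_out += out_b
        s.bytes_in += in_b
    return stats


def proxy_suspicion(s, min_dests=20, min_upload=1_000_000, ratio_band=(0.5, 2.0)):
    """Return the reasons a device's traffic resembles a residential proxy relay.
    Thresholds are illustrative assumptions; tune them to the network observed."""
    reasons = []
    if len(s.dests) >= min_dests:
        reasons.append(f"{len(s.dests)} distinct remote hosts")
    ratio = s.bytes_out / max(s.bytes_in, 1)  # a media box normally downloads far more than it uploads
    if s.bytes_out >= min_upload and ratio_band[0] <= ratio <= ratio_band[1]:
        reasons.append(f"symmetric traffic (up/down ratio {ratio:.2f}, {s.bytes_out} bytes out)")
    return reasons


def flag_devices(flows):
    """Map each suspicious device to its reasons; devices with no findings are omitted."""
    flagged = {}
    for dev, s in summarise(flows).items():
        reasons = proxy_suspicion(s)
        if reasons:
            flagged[dev] = reasons
    return flagged


if __name__ == "__main__":
    for dev, reasons in flag_devices(SAMPLE_FLOWS).items():
        print(dev, "->", "; ".join(reasons))
```

A device that trips both heuristics is a candidate for the FBI's advice above: disconnect it from the network and investigate before reconnecting.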
