{"id":1917,"date":"2025-06-06T00:35:43","date_gmt":"2025-06-05T21:35:43","guid":{"rendered":"https:\/\/trustcrypt.com\/fbi-report-badbox-2-0-android-malware-compromises-millions-of-consumer-devices\/"},"modified":"2025-06-06T00:35:43","modified_gmt":"2025-06-05T21:35:43","slug":"fbi-report-badbox-2-0-android-malware-compromises-millions-of-consumer-devices","status":"publish","type":"post","link":"https:\/\/trustcrypt.com\/ar\/fbi-report-badbox-2-0-android-malware-compromises-millions-of-consumer-devices\/","title":{"rendered":"FBI Report: BADBOX 2.0 Android Malware Compromises Millions of Consumer Devices"},"content":{"rendered":"<p style=\"text-align:center\"><img loading=\"lazy\" decoding=\"async\" alt=\"Android malware\" height=\"900\" src=\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/06\/fbi-report-badbox-2-0-android-malware-compromises-millions-of-consumer-devices.jpg\" width=\"1600\"><\/p>\n<p>The FBI has issued a warning regarding the BADBOX 2.0 malware, which has successfully infected over one million Internet-connected consumer devices. This malware campaign is transforming everyday electronics into residential proxies, facilitating various malicious activities.<\/p>\n<p>The BADBOX botnet primarily targets a range of Chinese Android-based smart devices, including smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices.<\/p>\n<p>The FBI alerts that &#8220;the BADBOX 2.0 botnet comprises millions of compromised devices and features multiple backdoors to proxy services. 
Cybercriminals exploit these vulnerabilities, either by selling access or providing free services to hijacked home networks for nefarious purposes.&#8221;<\/p>\n<p>Devices may come pre-installed with the BADBOX 2.0 malware or become infected through firmware updates and malicious applications that infiltrate Google Play and other app stores.<\/p>\n<p>According to the FBI, unauthorized access to home networks may occur through two methods: pre-configuring the product with malicious software before purchase or infecting the device during the downloading of necessary applications containing backdoors, typically during initial setup.<\/p>\n<p>Once integrated within home networks, these compromised IoT devices can be incorporated into the BADBOX 2.0 botnet and serve as residential proxy services exploited for unlawful activities.<\/p>\n<p>Infected devices establish connections with the attackers\u2019 command and control (C2) servers, where they receive directives to perform operations, including:<\/p>\n<ul>\n<li><strong>Residential Proxy Networks:<\/strong> Traffic from cybercriminals is routed through victims\u2019 home IP addresses, concealing their malicious activities.<\/li>\n<li><strong>Ad Fraud:<\/strong> BADBOX is capable of generating ad revenue for threat actors by loading and clicking on ads in the background.<\/li>\n<li><strong>Credential Stuffing:<\/strong> Utilizing victim IP addresses, attackers may attempt to gain unauthorized access to accounts using stolen credentials.<\/li>\n<\/ul>\n<p>BADBOX 2.0 emerged as an evolution of the original BADBOX malware, identified in 2023 when it was found pre-installed on low-cost, lesser-known Android TV boxes such as the T95.<\/p>\n<p>Throughout the following years, the malware&#8217;s botnet expanded. 
In 2024, Germany\u2019s cybersecurity agency successfully disrupted the botnet by sinkholing communications between infected devices and the attackers&#8217; infrastructure, thereby neutralizing the malware\u2019s effectiveness.<\/p>\n<p>Despite this disruption, the threat persisted, as researchers discovered the malware on 192,000 devices just a week later, including on more mainstream devices such as Yandex TVs and Hisense smartphones.<\/p>\n<p>Alarming reports indicate that the botnet continued to proliferate, with HUMAN&#8217;s Satori Threat Intelligence estimating that over one million consumer devices had been compromised by March 2025.<\/p>\n<p>This newly expanded botnet is now referred to as BADBOX 2.0, signifying an ongoing evolution in the malware campaign.<\/p>\n<p>According to experts from HUMAN, &#8220;This scheme has affected over one million consumer devices. The types of devices connecting to the BADBOX 2.0 operation encompass budget &#8216;off brand&#8217; products, uncertified tablets, connected TV boxes, digital projectors, among others.&#8221;<\/p>\n<p>Additionally, &#8220;the infected devices are those using the Android Open Source Project, not those running the Android TV OS or certified as Play Protect compliant. 
All affected devices are manufactured in mainland China and distributed worldwide, with BADBOX 2.0-associated traffic observed from 222 countries and territories globally.&#8221;<\/p>\n<p>Research indicates that the BADBOX 2.0 botnet spans 222 countries, with the largest concentrations of compromised devices in Brazil (37.6%), the United States (18.2%), Mexico (6.3%), and Argentina (5.3%).<\/p>\n<div style=\"text-align:center\">\n<figure class=\"image\" style=\"display:inline-block\"><img loading=\"lazy\" decoding=\"async\" alt=\"BadBox 2.0 Global Distribution\" height=\"600\" src=\"https:\/\/trustcrypt.com\/wp-content\/uploads\/2025\/06\/fbi-report-badbox-2-0-android-malware-compromises-millions-of-consumer-devices-1.jpg\" width=\"1003\"><figcaption><strong>BADBOX 2.0 Global Distribution<\/strong><br \/><em>Source: HUMAN Satori<\/em><\/figcaption><\/figure>\n<\/div>\n<p>In a collaborative endeavor led by HUMAN\u2019s Satori team and partners including Google, Trend Micro, and The Shadowserver Foundation, additional disruptions to the BADBOX 2.0 botnet were carried out, severing communication for over 500,000 infected devices with the attackers&#8217; servers.<\/p>\n<p>Nonetheless, the botnet&#8217;s size continues to increase as consumers inadvertently connect more compromised devices to the Internet.<\/p>\n<p>Identified devices affected by the BADBOX malware include:<\/p>\n<table align=\"center\" cellpadding=\"5\" cellspacing=\"5\">\n<tbody>\n<tr>\n<td><strong>Device Model<\/strong><\/td>\n<td><strong>Device Model<\/strong><\/td>\n<td><strong>Device Model<\/strong><\/td>\n<td><strong>Device 
Model<\/strong><\/td>\n<\/tr>\n<tr>\n<td>TV98<\/td>\n<td>X96Q_Max_P<\/td>\n<td>Q96L2<\/td>\n<td>X96Q2<\/td>\n<\/tr>\n<tr>\n<td>X96mini<\/td>\n<td>S168<\/td>\n<td>ums512_1h10_Natv<\/td>\n<td>X96_S400<\/td>\n<\/tr>\n<tr>\n<td>X96mini_RP<\/td>\n<td>TX3mini<\/td>\n<td>HY-001<\/td>\n<td>MX10PRO<\/td>\n<\/tr>\n<tr>\n<td>X96mini_Plus1<\/td>\n<td>LongTV_GN7501E<\/td>\n<td>Xtv77<\/td>\n<td>NETBOX_B68<\/td>\n<\/tr>\n<tr>\n<td>X96Q_PR01<\/td>\n<td>AV-M9<\/td>\n<td>ADT-3<\/td>\n<td>OCBN<\/td>\n<\/tr>\n<tr>\n<td>X96MATE_PLUS<\/td>\n<td>KM1<\/td>\n<td>X96Q_PRO<\/td>\n<td>Projector_T6P<\/td>\n<\/tr>\n<tr>\n<td>X96QPRO-TM<\/td>\n<td>sp7731e_1h10_native<\/td>\n<td>M8SPROW<\/td>\n<td>TV008<\/td>\n<\/tr>\n<tr>\n<td>X96Mini_5G<\/td>\n<td>Q96MAX<\/td>\n<td>Orbsmart_TR43<\/td>\n<td>Z6<\/td>\n<\/tr>\n<tr>\n<td>TVBOX<\/td>\n<td>Smart<\/td>\n<td>KM9PRO<\/td>\n<td>A15<\/td>\n<\/tr>\n<tr>\n<td>Transpeed<\/td>\n<td>KM7<\/td>\n<td>iSinbox<\/td>\n<td>I96<\/td>\n<\/tr>\n<tr>\n<td>SMART_TV<\/td>\n<td>Fujicom-SmartTV<\/td>\n<td>MXQ9PRO<\/td>\n<td>MBOX<\/td>\n<\/tr>\n<tr>\n<td>X96Q<\/td>\n<td>isinbox<\/td>\n<td>Mbox<\/td>\n<td>R11<\/td>\n<\/tr>\n<tr>\n<td>GameBox<\/td>\n<td>KM6<\/td>\n<td>X96Max_Plus2<\/td>\n<td>TV007<\/td>\n<\/tr>\n<tr>\n<td>Q9 Stick<\/td>\n<td>SP7731E<\/td>\n<td>H6<\/td>\n<td>X88<\/td>\n<\/tr>\n<tr>\n<td>X98K<\/td>\n<td>TXCZ<\/td>\n<td>\u00a0<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p>Symptoms suggesting a BADBOX 2.0 infection include the presence of suspicious app marketplaces, disabled Google Play Protect settings, advertisements for streaming devices claiming to be unlocked or offering free content access, and detections of unusual Internet traffic.<\/p>\n<p>The FBI recommends consumers take proactive measures to shield themselves from this botnet by adhering to the following protocols:<\/p>\n<ul>\n<li>Evaluate all IoT devices linked to home networks for irregular behavior.<\/li>\n<li>Avoid downloading applications from unofficial marketplaces promoting 
&#8220;free streaming&#8221; content.<\/li>\n<li>Monitor Internet traffic to and from home networks vigilantly.<\/li>\n<li>Ensure all household devices are updated with the latest software patches and updates.<\/li>\n<\/ul>\n<p>If you suspect that your device has been compromised, it is critical to isolate it from the network and restrict its Internet access to disrupt the malware&#8217;s functionality.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI has issued a warning regarding the BADBOX 2.0 malware, which has successfully infected over one million Internet-connected consumer&#8230;<\/p>\n","protected":false},"author":1,"featured_media":1918,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"Default","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[28],"tags":[839,54,838],"class_list":["post-1917","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-iot","tag-malware","tag-smart-devices"],"acf":[],"_links":{"self":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/1917","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/comments?post=1917"}],"version-history":[{"count":0,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/posts\/1917\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/media\/1918"}],"wp:attachment":[{"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/media?parent=1917"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/categories?post=1917"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/trustcrypt.com\/ar\/wp-json\/wp\/v2\/tags?post=1917"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}