Badbox 2.0 Botnet Exploits Over 1 Million Android Devices
Researchers uncover a massive malware operation targeting low-cost Android devices, leveraging backdoors for fraud and data theft.
- The Badbox 2.0 botnet has infected over 1 million Android devices, primarily low-cost, off-brand hardware running the Android Open Source Project (AOSP).
- Devices such as uncertified tablets, TV boxes, and digital projectors are preloaded with malware or compromised through third-party app stores.
- The malware enables remote control of devices for ad fraud, password theft, account takeovers, and other cyberattacks, with activity detected in 222 countries and territories.
- Researchers from Human Security, Google, and others have partially disrupted the operation, halving the number of infected devices by targeting command-and-control servers.
- Despite the disruption, experts warn that the botnet operators may adapt and resume their activities, highlighting ongoing risks for users of uncertified Android devices.