Overview

• The complaint alleges that hackers preinstalled or delivered malware on open-source Android streaming boxes, tablets and projectors to build a vast proxy network for ad fraud and other digital crimes.
• BadBox 2.0 had infiltrated more than 10 million uncertified devices worldwide, according to Google’s filing.
• Google Play Protect now automatically blocks known BadBox 2.0 apps, cutting off the botnet’s distribution and command-and-control channels.
• The FBI issued a June alert about the threat and is leading an ongoing operation to dismantle the botnet across global IoT devices.
• Previous takedowns include the original BadBox in 2024 and Google’s 2021 disruption of the Glupteba botnet, highlighting persistent security gaps in uncertified hardware.