Overview

• Google says more than 10 million uncertified Android devices running AOSP have been compromised by BadBox 2.0.
• Off-brand TV boxes, tablets and projectors arrive with malware preinstalled or pick it up during setup to open backdoors into home networks.
• Cybercriminals harness the botnet for large-scale ad fraud and other digital crimes by exploiting unpatched firmware.
• Play Protect has been revamped to automatically detect and block applications linked to the BadBox campaign.
• Google’s lawsuit in New York federal court targets alleged operators while the FBI warns consumers to disconnect uncertified IoT gadgets showing suspicious traffic.