BadBox 2.0 botnet infects millions of IoT devices worldwide, FBI warns

BadBox 2.0 malware has infected millions of IoT devices globally, creating a botnet used for cybercriminal activities, the FBI warns.

The FBI published a Public Service Announcement (PSA) to warn that cybercriminals are using the BADBOX 2.0 botnet to exploit IoT devices on home networks, like streaming devices, projectors, and infotainment systems, mostly made in China. Attackers gain unauthorized access to these devices either by pre-loading malware before sale or by backdooring them through apps fetched during set-up, and then use the compromised devices for criminal activity, including renting them out as residential proxies.

“Most of the infected devices were manufactured in China. Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user's purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process,” reads the alert published by the FBI. “Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity.”

BADBOX 2.0 is the successor of the BADBOX operation that was disrupted in 2024. It infects Android-based devices either in the supply chain, before purchase, or through malicious apps installed during set-up. The operation controls millions of devices; the resulting backdoors let the operators abuse the devices directly or sell access to compromised home networks, most visibly as residential proxy capacity, for illegal activity.

The FBI urges the public to check IoT devices for signs of compromise and disconnect any suspicious ones. Indicators of BADBOX 2.0 include the presence of suspicious marketplaces from which apps are downloaded, requests to disable Google Play Protect settings, generic TV streaming devices advertised as unlocked or capable of accessing free content, IoT devices from unrecognizable brands, Android devices that are not Play Protect certified, and unexplained or suspicious Internet traffic.

To reduce exposure to unauthorized residential proxy networks, monitor home network traffic for devices that talk to far more destinations than their function requires, check IoT devices for suspicious activity and sideloaded apps, avoid unofficial app stores, and keep all systems updated, especially by patching known and internet-facing vulnerabilities promptly.
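As an added example (not code from the FBI PSA or from this article), the script below turns two of the indicators above into checks a home user or analyst can run offline: a fan-out heuristic over router flow records that separates a streaming box (few destinations, large downloads) from a device acting as a residential proxy exit (many unrelated destinations, odd ports), and a parser for `adb shell pm list packages -3 -i` output that lists third-party apps not installed through Google Play. The flow-record layout, the thresholds, the IP addresses and the package names are all constructed for the example; the `pm list packages -3 -i` command and its `installer=` field are real.

```python
"""Triage helpers for the BADBOX 2.0 indicators listed in the FBI PSA.

Added example, not code from the FBI or from Security Affairs. It assumes
two inputs the PSA does not specify:
  * per-connection flow records exported from the home router as
    comma-separated lines: epoch, src_ip, dst_ip, dst_port, bytes_out;
  * the output of `adb shell pm list packages -3 -i` captured from an
    Android streaming device (real command; sample package names are
    constructed).
"""
from collections import defaultdict

# Constructed flow sample. 192.168.1.20 behaves like a normal streaming box:
# few destinations, large downloads. 192.168.1.37 fans out to many unrelated
# hosts with small payloads, the shape of a residential-proxy exit node.
FLOW_LOG = """\
1720000000,192.168.1.20,23.45.67.10,443,5200000
1720000030,192.168.1.20,23.45.67.10,443,4900000
1720000060,192.168.1.20,23.45.67.11,443,6100000
1720000090,192.168.1.20,8.8.8.8,53,140
1720000000,192.168.1.37,198.51.100.4,443,18000
1720000005,192.168.1.37,198.51.100.77,443,22000
1720000011,192.168.1.37,203.0.113.9,80,9000
1720000017,192.168.1.37,203.0.113.15,443,31000
1720000024,192.168.1.37,192.0.2.33,8080,12000
1720000030,192.168.1.37,192.0.2.101,443,15000
1720000036,192.168.1.37,198.51.100.200,25,4000
1720000041,192.168.1.37,203.0.113.250,443,27000
1720000047,192.168.1.37,192.0.2.7,443,13000
1720000053,192.168.1.37,198.51.100.150,5228,2000
"""

# Ports a streaming device legitimately uses; anything else counts as odd.
EXPECTED_PORTS = {53, 80, 123, 443, 5228}  # 5228 = Google Play / FCM push
FANOUT_THRESHOLD = 8      # distinct destination IPs per observation window (assumed)
ODD_PORT_THRESHOLD = 2    # distinct unexpected destination ports (assumed)


def parse_flows(text):
    """Parse the constructed CSV flow lines into dicts, skipping blanks."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split(",")
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def proxy_suspects(flows):
    """Return {src_ip: [reasons]} for hosts whose outbound pattern looks like
    proxying rather than streaming: many distinct destinations, or several
    destination ports a media device has no reason to talk to."""
    dsts = defaultdict(set)
    odd_ports = defaultdict(set)
    for f in flows:
        dsts[f["src"]].add(f["dst"])
        if f["port"] not in EXPECTED_PORTS:
            odd_ports[f["src"]].add(f["port"])
    verdicts = {}
    for src, targets in dsts.items():
        reasons = []
        if len(targets) >= FANOUT_THRESHOLD:
            reasons.append(f"fan-out to {len(targets)} destinations")
        if len(odd_ports[src]) >= ODD_PORT_THRESHOLD:
            reasons.append(f"unexpected ports {sorted(odd_ports[src])}")
        if reasons:
            verdicts[src] = reasons
    return verdicts


# Constructed `pm list packages -3 -i` output. Play-installed apps report
# installer=com.android.vending; apps sideloaded or preloaded by the vendor
# report installer=null or the package name of an unknown store.
PM_OUTPUT = """\
package:com.netflix.ninja  installer=com.android.vending
package:com.example.freetv  installer=null
package:com.example.appstore  installer=null
package:com.example.iptv  installer=com.example.appstore
"""

TRUSTED_INSTALLERS = {"com.android.vending"}


def non_play_packages(pm_output):
    """Return (package, installer) for third-party apps not installed via Play."""
    flagged = []
    for line in pm_output.splitlines():
        if not line.startswith("package:"):
            continue
        name, _, installer = line[len("package:"):].partition("installer=")
        name, installer = name.strip(), installer.strip() or "null"
        if installer not in TRUSTED_INSTALLERS:
            flagged.append((name, installer))
    return flagged


if __name__ == "__main__":
    for src, why in proxy_suspects(parse_flows(FLOW_LOG)).items():
        print(f"{src}: {'; '.join(why)}")
    for pkg, inst in non_play_packages(PM_OUTPUT):
        print(f"non-Play app: {pkg} (installer={inst})")
```

The thresholds are deliberately crude: a device with a legitimate reason to reach many hosts (a smart-home hub, a torrent client) will also trip the fan-out rule, so treat a hit as a reason to inspect the device and compare against the other indicators above, not as proof of infection. A hit on the package check for a device that shipped with an unknown "app store" preinstalled is exactly the supply-chain pattern the PSA describes.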


Pierluigi Paganini

(SecurityAffairs – hacking, botnet)