Google Files Lawsuit Against Operators of 10 Million Device Botnet

Google has intensified its efforts to combat cyber threats by filing a lawsuit against the operators of BadBox 2.0, a sophisticated botnet targeting internet-connected televisions. The company described BadBox 2.0 as the largest botnet of its kind, infecting over 10 million Android devices globally. These devices include a range of low-cost IoT gadgets such as streaming boxes, tablets, and projectors, often sold under obscure brands.
The discovery of BadBox 2.0 was the result of a collaborative effort between Google's researchers, cybersecurity firm HUMAN Security, and Trend Micro. The botnet relies on malicious apps pre-installed on these devices to perpetrate ad fraud and operate proxy services, generating fake traffic that deceives advertising platforms. This not only damages the reputation of Google but also steals revenue from legitimate advertisers and publishers.
The lawsuit, filed in a United States federal court, invokes the Racketeer Influenced and Corrupt Organizations (RICO) Act. Google has accused 25 Chinese individuals, whose identities remain unknown, of orchestrating a global scheme that exploits vulnerabilities in uncertified Android devices. These devices lack the sophisticated security checks present in Google’s ecosystem, making them easy targets for cybercriminals.
Once infected, these devices join a network of other compromised devices, exhibiting human-like behaviors such as viewing ads, clicking links, and routing traffic for illegal purposes. The botnet operators have reportedly amassed wealth by selling access to this proxy network in underground markets, turning everyday consumer electronics into tools for cybercrime.
BadBox 2.0 represents an evolved threat with new capabilities and evasion tactics, including the use of residential proxies to mask fraudulent activities. This is not Google’s first encounter with such issues, as the company had previously disrupted the first BadBox operation. The scale of BadBox 2.0 is significant, with over 10 million devices from more than 200 countries, making it one of the most pervasive botnets in recent history.
Industry analysts have highlighted that BadBox 2.0’s focus on IoT devices reveals a growing blind spot in cybersecurity. Low-cost items from unregulated manufacturers are particularly vulnerable to exploits, posing a significant risk to consumers who purchase unverified gadgets. These devices could unknowingly contribute to fraud or expose personal data, underscoring the importance of supply chain security in the Android ecosystem.
Google’s legal action seeks to dismantle the botnet and recover damages, imposing penalties that would deter similar operations. The company has already initiated technical measures, such as removing 24 malicious apps from the Google Play Store and silencing command-and-control servers, which reduced botnet activity by half earlier this year. This move aligns with broader industry trends, where proactive litigation is increasingly used as a weapon against cyber syndicates.
Google’s announcement also underscores its ongoing monitoring efforts through its Threat Analysis Group. However, analysts at HUMAN Security have warned that threats like BadBox 2.0 require collaborative defenses across the tech sector. The lawsuit could set a precedent for holding foreign actors accountable under United States law, influencing how companies combat global crimes.
