Google Sues Operators of BadBox 2.0 Botnet Compromising 10 Million Android Devices

Generated by AI Agent, Coin World
Saturday, Jul 19, 2025 2:52 pm ET, 1 min read
Aime Summary

- Google is suing 25 unnamed individuals, believed to be based in China, behind the BadBox 2.0 botnet, which infected more than 10 million Android devices through pre-installed malware and deceptive app downloads.

- The botnet exploits backdoors on low-cost devices to load fraud modules used for ad fraud, residential proxying, DDoS attacks, and one-time password theft, harming users and Google's reputation.

- Google updated Google Play Protect to automatically block applications associated with the botnet and stepped up legal action against the network, following the 2023 takedown of the original BadBox botnet.

Google has taken legal action against the operators of the BadBox 2.0 botnet, which has compromised more than 10 million Android devices worldwide. The botnet, described as the largest known network of compromised internet-connected TV devices, was built by pre-installing malware on devices and by tricking users into downloading malicious applications. Those applications are then used for fraud and other criminal activity, damaging Google's reputation and forcing the company to spend substantial resources combating it.

The lawsuit, filed in the United States, names 25 unidentified individuals believed to be based in China. It seeks to dismantle the criminal enterprise behind the botnet, which has been operating since 2024. The operators pre-install malware on uncertified Android devices (devices built on the Android Open Source Project that are not Play Protect certified and therefore lack Google's built-in malware protections) and trick users into downloading malicious applications; both routes leave the device under the operators' control for fraudulent and criminal activity.

BadBox 2.0 is the successor to the original BadBox botnet, which was taken down in 2023; the new operation has been active since 2024. Google's security researchers identified the botnet and have since blocked all applications associated with it: Google Play Protect, Android's built-in malware protection, now automatically blocks these applications, which mitigates the threat on devices that carry it. Uncertified devices do not run Play Protect, so a backdoored TV box is not protected by this change and remains exposed until it is replaced or taken off the network.

The botnet operates by exploiting backdoors on low-cost consumer devices, enabling threat actors to load fraud modules remotely. Infected devices communicate with command-and-control (C2) servers owned and operated by a series of distinct but cooperating threat actors. To plant the backdoor, the actors either compromise the hardware or software supply chain so that devices ship already infected, or distribute seemingly benign applications that contain 'loader' functionality and fetch the backdoor after installation. Once a fraud module is deployed, the device becomes part of the botnet and can be used for programmatic ad fraud, click fraud, and residential proxy services; the proxy capability in turn supports account takeovers, fake account creation, DDoS attacks, malware distribution, and one-time password theft.
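The device-to-C2 relationship described above is what a defender can most readily look for on a home or corporate network: a cheap TV box or streaming device that checks in with an unfamiliar host on a fixed schedule. The Python script below is an added example, not code from the article or from Google. It runs a generic beacon-periodicity heuristic over a constructed connection log; the IP addresses, hostnames, timestamps and the `find_beacons` function are all assumptions, and nothing in it is a BadBox 2.0 indicator.

```python
"""Generic C2 beacon heuristic over outbound connection records.

Added example: flags (source device, destination host) pairs whose connection
times are evenly spaced, the pattern a backdoor polling its C2 server tends to
leave behind. Not a BadBox 2.0 signature; hosts and addresses are made up.
"""
from collections import defaultdict
from statistics import mean, pstdev


def constructed_flows():
    """Constructed sample of (src_ip, dst_host, epoch_seconds) records."""
    flows = []
    base = 1_700_000_000
    # Hypothetical TV box polling an unknown host every 300 s with small jitter.
    t = base
    for jitter in (0, 2, -1, 1, -2, 0, 2, -1, 1, 0):
        flows.append(("192.0.2.20", "198.51.100.7", t + jitter))
        t += 300
    # The same box also checks a legitimate update host every 600 s.
    for i in range(8):
        flows.append(("192.0.2.20", "updates.example.net", base + 600 * i))
    # A laptop browsing normally: bursty, irregular spacing to one site.
    t = base
    for gap in (5, 40, 3, 900, 12, 2, 300, 7, 1500, 60):
        t += gap
        flows.append(("192.0.2.31", "www.example.org", t))
    return flows


def find_beacons(flows, allowlist=frozenset(), min_count=6, max_cv=0.05):
    """Return (src, dst) pairs whose inter-connection gaps are nearly constant.

    A pair is reported when it has at least ``min_count`` connections and the
    coefficient of variation (stdev / mean) of the gaps is at most ``max_cv``.
    Destinations in ``allowlist`` (known update or telemetry hosts) are skipped,
    because legitimate polling is just as periodic as malicious beaconing.
    """
    by_pair = defaultdict(list)
    for src, dst, ts in flows:
        if dst in allowlist:
            continue
        by_pair[(src, dst)].append(ts)

    hits = []
    for (src, dst), times in by_pair.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        period = mean(gaps)
        if period <= 0:
            continue
        cv = pstdev(gaps) / period
        if cv <= max_cv:
            hits.append({"src": src, "dst": dst, "count": len(times),
                         "period_s": round(period), "cv": round(cv, 3)})
    return sorted(hits, key=lambda h: (h["src"], h["dst"]))


if __name__ == "__main__":
    for hit in find_beacons(constructed_flows(), allowlist={"updates.example.net"}):
        print(f"{hit['src']} -> {hit['dst']}: {hit['count']} connections, "
              f"~{hit['period_s']} s apart (cv={hit['cv']})")
```

On the constructed data the TV box's 300-second check-in to the unknown host is reported while the allowlisted update poll and the laptop's browsing are not. Without an allowlist the update poll is flagged too, which is the main false-positive source for this heuristic: NTP, firmware-update and telemetry traffic are also strictly periodic, so the allowlist has to be maintained. In practice the records would come from router, NetFlow or DNS logs, and a TV box talking on a schedule to a host you cannot account for is reason enough to pull it off the network.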

Google's legal action against BadBox 2.0 is one part of its ongoing effort to disrupt the botnet and protect users from its fraud. The operation has caused substantial harm to users and organizations, and the lawsuit aims to dismantle the criminal enterprise behind it rather than only blocking its applications.
