FBI warns dangerous BADBOX 2.0 malware has hit over a million devices - here's how to stay safe


  • FBI warns BADBOX 2.0 malware has infected over a million devices
  • Cheap, Chinese-made, Android-powered devices often the victim
  • Devices hijacked to become part of global botnet

Over a million devices have been infected by a dangerous malware strain which has turned them into malicious proxies, the FBI has warned.

In a new alert, the agency urged users to be on their guard against BADBOX 2.0, a malware threat which targets Android-powered devices, often made in China.

The FBI warns devices such as smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices could all be at risk of being turned into residential proxies which are then used for malicious activity.

BADBOX 2.0 malware warning

"The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," the FBI warning states.

It noted the affected devices often come with the malware preloaded, but it can also be transferred after installing firmware updates and malicious Android applications which have managed to get onto Google Play and third-party app stores.

"Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user's purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explained the FBI.

"Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity."


It added that the malware is also able to load and click ads without users being aware, generating revenue for the hackers, and to access victims' accounts using stolen credentials.

The FBI has warned users to monitor their devices carefully, and make sure all their IoT devices come from a reputable source. Users are also instructed not to download apps from unauthorized app stores, and to make sure their software and firmware are kept up to date.

The original BADBOX malware was detected in 2023 with a similar mode of operation, targeting cheap unbranded Android TV boxes.

The botnet was successfully disrupted by German authorities back in December 2024, but this doesn't seem to have dissuaded the hackers, who have managed to grow the network across the globe, leading to the re-classification as BADBOX 2.0.

BADBOX 2.0 was initially flagged in early 2025 by cybersecurity experts from HUMAN's Satori Threat Intelligence team, which, together with multiple partners, removed dozens of malicious apps from the Play Store, banned their developers, and sinkholed communications for hundreds of thousands of infected devices.


Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.
