A widespread malware campaign is currently affecting millions of smart home devices, including TVs, streaming boxes, and tablets running Android software. A recent FBI alert warns consumers about the BADBOX 2.0 botnet, which spreads through the Internet of Things (IoT) and gives threat actors access to home networks to conduct malicious activity.
Here’s what you need to know to protect your system and devices from BADBOX 2.0.
How BADBOX 2.0 works
BADBOX 2.0 is a malware campaign that targets consumer devices, most of which are low-cost, “off-brand” smart home electronics (smart TVs, digital projectors, picture frames, and tablets, for example) running the Android Open Source Project (AOSP). Once infected, the devices are connected to the threat actors’ command-and-control servers and become part of a botnet.
According to a report from HUMAN’s Satori Threat Intelligence and Research team, attacks may then take a number of forms: programmatic ad and click fraud, which loads and clicks ads in the background to generate revenue; and residential proxy services, which allow for account takeover, fake account creation, one-time password theft, and malware distribution. For example, threat actors can route traffic through a victim’s home IP address to hide malicious activity or use stolen data in credential stuffing attacks.
The current threat is an evolution of the original BADBOX malware, first identified in 2023, that came pre-loaded on devices prior to purchase. BADBOX 2.0 can spread through malicious Android apps found on Google Play and third-party app stores. The malware can also be downloaded from attack servers and installed upon initial startup.