Mishaal Rahman / Android Authority
TL;DR
- Google is suing the creators of BadBox 2.0, a botnet that infected 10 million off-brand Android devices.
- The malware often came pre-installed on cheap streaming boxes, tablets, and projectors, mostly made in China.
- Infected devices were used for ad fraud and to hide other cybercriminals’ activity behind your home network.
Before they even turned it on, the device was already infected. That’s the reality for millions who unknowingly bought Android-powered devices hijacked by BadBox 2.0, a massive botnet that Google is now trying to shut down in court.
As detailed in a blog post, Google is filing a new lawsuit in New York against the group behind the operation. It says BadBox 2.0 is the largest known botnet targeting internet-connected TVs and other Android-based gadgets. According to the company, more than ten million devices were compromised.
These weren’t high-end Android TVs or certified tablets. Think of off-brand streaming boxes, digital projectors, and low-cost tablets, mostly running the Android Open Source Project, which lacks Google’s built-in security protections. Many were sold under unfamiliar brand names, and in many cases, the malware was already baked in when buyers took them out of the box.
Once powered on and connected to the internet, the devices became part of a hidden network controlled by cybercriminals. Some were used to commit large-scale ad fraud, simulating fake ad clicks to steal money from advertisers. Others were sold off as part of “residential proxy” services, allowing shady actors to route their traffic through real users’ home networks, effectively hiding their tracks behind the unsuspecting user’s IP address.
The botnet was uncovered through a joint investigation by Google, HUMAN Security, and Trend Micro. Google says its Ad Traffic Quality team spotted the activity early, blocking bad traffic and shutting down thousands of accounts trying to profit from the scheme. On your end, Google Play Protect now flags and blocks apps with BadBox behavior, even if they’re sideloaded from outside the Play Store.
The FBI has also issued a public warning, urging people to check their connected devices for signs of tampering or strange behavior, especially if the hardware came from an unknown brand or required you to disable Google Play Protect during setup. The agency says most of the compromised gadgets were manufactured in China and sold with malware pre-installed, or infected shortly after setup via malicious apps from unofficial app stores.
By taking the case to court, Google hopes to target the people behind the scheme. While the company’s protections contained the damage, it’s another reminder that the real cost of a budget streaming box might not be just what you pay at checkout.