Google Takes Legal Action Against ‘BadBox 2.0’ Botnet That Compromised More Than 10,000,000 Devices

Tech giant Google is taking legal action against a Botnet that exploited over 10 million Internet-of-Things (IoT) Android devices.

In a new blog post , Google is announcing that it has filed a lawsuit in a New York federal court against BadBox 2.0 – the largest botnet of IoT television devices in the world – after it was discovered by its cybersecurity experts.

According to Google, BadBox 2.0 compromised over 10 million uncertified devices running the Android open source operating system and installed malware to “conduct large-scale ad fraud and other digital crimes.”

The original BadBox went down in 2023. BadBox 2.0 came into operation the following year and has been running since.

The tech giant says that it has already taken action to stop the threat, updating its security measures to automatically block all applications associated with the malicious botnet.

In a recent blog post, the cybersecurity firm HUMAN – a partner of Google – explains how BadBox 2.0 operates.

“BADBOX 2.0, like its predecessor, begins with backdoors on low-cost consumer devices that enable threat actors to load fraud modules remotely. These devices communicate with command-and-control (C2) servers owned and operated by a series of distinct but cooperative threat actors.

The BADBOX and BADBOX 2.0 threat actors exploit software or hardware supply chains or distribute seemingly benign applications that contain ‘loader’ functionality in order to infect these devices and applications with the backdoor.

Once a fraud module is deployed, infected devices may become part of a botnet and subsequently have the capacity to conduct several attacks.”

Some of the attacks the botnet is capable of include programmatic ad fraud, click fraud, and residential proxy services, which lead to account takeovers, fake account creations, DDoS attacks, malware distribution, and one-time password thefts, according to HUMAN.

The cybersecurity firm goes on to note that Android TV OS devices or Play Protect-certified Android devices were not affected by the exploit.

Generated Image: Midjourney