banner1
banner2

HOME
Breaking News

Badbox 2.0 malware hits 1 million+ Android devices, FBI issues global warning

by VARINDIA 2025-06-07
Badbox 2.0 malware hits 1 million+ Android devices, FBI issues global warning

Linked to the Triada malware family, Badbox 2.0 conducts large-scale ad fraud and credential theft by silently clicking ads, hijacking user accounts, and turning infected Android devices into proxy nodes to obscure malicious activity origins

 

 

The US Federal Bureau of Investigation (FBI) has raised a red flag over a rapidly spreading malware threat known as Badbox 2.0, which has compromised over one million Android-powered devices across the globe. The malware was first detected in 2023 on a T95 Android TV box sold via Amazon and has since been found embedded in a range of unbranded or low-cost smart TVs, streaming boxes, tablets, and IoT devices—primarily manufactured in China and shipped worldwide.

Cybersecurity analysts link Badbox 2.0 to the Triada malware family, with its primary objectives being large-scale ad fraud and credential theft. The malware silently clicks ads in the background to generate revenue for threat actors while also stealing user credentials for potential account hijacking. Infected devices are often used as proxy nodes, making it difficult to trace the origin of malicious traffic.

The scale of the infection is significant. According to threat intelligence from cybersecurity firm Bitsight and HUMAN’s Satori team, more than 1.6 million devices have been compromised—primarily in countries such as India, Russia, Brazil, China, Ukraine, and Belarus. Notably, the malware has also been found on products from well-known brands like Hisense and Yandex.

Uncertified Android devices at risk

The FBI and cybersecurity experts note that most affected devices run on the Android Open Source Project (AOSP), which lacks Google Play Protect certification. This makes them particularly vulnerable, especially if running outdated firmware. Infections are often introduced during manufacturing or through third-party app installations by users.

Visible symptoms of infection include sluggish performance, high CPU usage, overheating, altered settings, or the sudden appearance of suspicious apps or marketplaces. In some cases, the malware disables Google Play Protect or grants free access to paid streaming content.

Despite a temporary disruption of its botnet infrastructure by German authorities in 2024, Badbox has proven resilient. As of early 2025, it remains active in over 220 countries and territories.

The FBI advises consumers and businesses to avoid uncertified Android devices, keep firmware updated, and install apps only from trusted sources to minimize exposure to this growing threat.

 
er

See What’s Next in Tech With the Fast Forward Newsletter

SECURITY
View All
Barracuda unveils BarracudaONE – its AI-powered cybersecurity platform in India

Barracuda unveils BarracudaONE – its AI-powered cybersecurity platform in India

Seqrite and SecureKloud to strengthen cybersecurity for enterprises in India

Seqrite and SecureKloud to strengthen cybersecurity for enterprises in India

Zscaler announces AI innovations to enable businesses to embrace AI securely

Zscaler announces AI innovations to enable businesses to embrace AI securely

SOFTWARE
View All
Meritto brings AI autonomy to education with Mio launch

Meritto brings AI autonomy to education with Mio launch

Contentstack unveils first-ever native audience analytics in CMS for real-time digital experience optimization

Contentstack unveils first-ever native audience analytics in CMS for real-time digital experience optimization

Elastic brings enterprise data to NVIDIA AI Factories

Elastic brings enterprise data to NVIDIA AI Factories

START - UP
View All
GTT Data reports ₹16.53 Cr revenue, sets sights on AI-driven expansion

GTT Data reports ₹16.53 Cr revenue, sets sights on AI-driven expansion

Crayon announces ISV Incubation Center in Pune

Crayon announces ISV Incubation Center in Pune

Data Safeguard Secures Seed Funding from Auxano Capital

Data Safeguard Secures Seed Funding from Auxano Capital

Tweets From @varindiamag

CIO - SPEAK
Automation has the potential to greatly improve efficiency and production

Automation has the potential to greatly improve efficiency and production

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Various approaches are followed to enhance efficiency, productivity, and cost-effectiveness

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

Technology can be leveraged in several ways to boost efficiency, productivity and reduce cost

wew
wrdf
Start-Up and Unicorn Ecosystem
Regulatory Pressure Spurs Cybersecurity Spending

Regulatory Pressure Spurs Cybersecurity Spending

India Tops Global AI Trust with 76% Confidence 🇮🇳

India Tops Global AI Trust with 76% Confidence 🇮🇳

Hidden Dangers in the Cloud: Public Storage Missteps Exposed

Hidden Dangers in the Cloud: Public Storage Missteps Exposed

Tesla Pi Tablet Rumours Shake Up Tablet Market: Innovation Incoming

Tesla Pi Tablet Rumours Shake Up Tablet Market: Innovation Incoming

It’s time to Secure Enterprise AI from Model Poisoning

It’s time to Secure Enterprise AI from Model Poisoning

Regulated Industries Embrace On-Premise AI for Compliance & Control

Regulated Industries Embrace On-Premise AI for Compliance & Control

Sadhguru Seeks Court Protection Against AI Deepfakes

Sadhguru Seeks Court Protection Against AI Deepfakes

Travel Smarter: Stay Alert to Tourism Scams

Travel Smarter: Stay Alert to Tourism Scams

India Surpasses Japan to Become the World’s 4th Largest Economy

India Surpasses Japan to Become the World’s 4th Largest Economy

India Needs 50 Million Sq Ft More Data Center Space by 2030: Deloitte

India Needs 50 Million Sq Ft More Data Center Space by 2030: Deloitte

dsf