BADBOX 2.0 Malware Hits Over a Million Android Devices in Global Cyber Threat

HUMAN’s Satori Threat Intelligence and Research team, in collaboration with Google, Trend Micro, and Shadowserver, has uncovered and partially disrupted a massive cyber fraud operation named BADBOX 2.0.

This operation, an evolved iteration of the original BADBOX malware disclosed in 2023, has infected over 1 million Android Open Source Project (AOSP) devices worldwide, marking it as the largest botnet of infected connected TV (CTV) devices ever documented.

Botnet Scale Targets Low-Cost Android Devices

Unlike certified Android TV OS devices, these low-cost, off-brand gadgets ranging from CTV boxes to tablets and digital projectors originate primarily from mainland China and have been observed generating malicious traffic across 222 countries and territories, with significant impact in Brazil, the United States, and Mexico.

BADBOX 2.0 operates through a deeply embedded backdoor, dubbed BB2DOOR, which exploits modified Android native libraries like libanl.so to grant threat actors ...