CISO who helped unmask Badbox warns: Version 3 is coming

Badbox 2.0, the botnet that infected millions of smart TV boxes and connected devices before private security researchers and law enforcement partially disrupted its infrastructure, is readying for a third round of fraud and digital attacks, according to one of the threat hunters who uncovered the original scheme.

"We continue to try and shut them off wherever we can — that hasn't stopped," Human Security CISO Gavin Reid told The Register, referring to his team's ongoing collaboration with the FBI, Google, and others to disrupt the botnet. 

Badbox was first identified in 2022 as a malware campaign targeting Android-based devices preloaded with backdoors. Human Security's Satori researchers helped disrupt the operation by taking down its ad-fraud infrastructure and command-and-control servers in late 2022 and early 2023, before the botnet came roaring back even bigger and more sophisticated in early 2025 with Badbox 2.0.

This nastier variant ...