Friday, July 18, 2025

Cybersecurity researchers have uncovered a new strain of malware, "BADBOX 2.0," found pre-installed on more than one million Android-based IoT devices in 222 countries and territories. The malware turns the devices into proxy nodes of a global botnet, which cybercriminals rent out to conduct large-scale fraud and other malicious activity. Because it ships inside the device firmware rather than in user data, a factory reset does not remove it, and the scale of the distribution has led the FBI to issue a public warning classifying BADBOX 2.0 as a global threat.
At the core of the malware is a backdoor library named libanl.so, embedded in the device firmware during the manufacturing stage. Victims are therefore compromised the moment they unbox and power on the device, a sharp contrast to typical malware that arrives through malicious downloads or fake apps. BADBOX 2.0 earns its operators money in two ways: hidden ad-click fraud run on the device itself, and residential proxy services sold to other criminal groups, which route their traffic through the victim's home IP address and so hide its true origin during click fraud, credential stuffing and similar abuse.
The devices most at risk are low-cost IoT gadgets such as smart TVs, streaming boxes, digital projectors and budget Android tablets, often sold through unverified online marketplaces or under no recognisable brand. These products are the usual carriers of this supply-chain-level infection.
Warning signs that a device may be infected with BADBOX 2.0 include:
- Unusual slowness or overheating
- Abnormal internet activity even when idle
- Google Play Protect being disabled
- The sudden appearance of suspicious or unknown apps
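As an added example (not code from the article or from the researchers it cites), the script below performs an offline triage of two artifacts pulled from a suspect box over adb. It covers the firmware-resident libanl.so described above and the "abnormal internet activity even when idle" sign from the checklist. Both inputs are assumptions rather than anything the article specifies: a file listing of the system partitions, one absolute path per line as `adb shell find /system /vendor /product -type f` prints it, and a connection table captured while the device was idle, in the column layout of toybox `netstat -tun`. The sample inputs embedded in the script are constructed, not captured from a real device.

```python
"""Offline triage of two artifacts pulled from a suspect Android box over adb.

Added example, not code from the article or from any vendor tool. Assumed
inputs (assumptions, not from the article):
  1. a file listing, one absolute path per line, such as
     `adb shell find /system /vendor /product -type f` produces;
  2. a connection table captured while the box sits idle, in the column
     layout of toybox `netstat -tun` (Proto Recv-Q Send-Q Local Foreign State).
The sample inputs at the bottom are constructed for the demonstration.
"""
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Library name the article gives for the BADBOX 2.0 backdoor. libanl.so is a
# glibc component; a bionic-based Android image has no legitimate copy of it.
SUSPECT_LIBS = {"libanl.so"}

# Address ranges treated as local rather than Internet-facing. Listed explicitly
# because ipaddress.is_private would also swallow the TEST-NET ranges used below.
LOCAL_NETS = [ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "::1/128", "fe80::/10", "fc00::/7",
)]

# Proto, Recv-Q, Send-Q, Local, Foreign, optional State (UDP rows have none).
NETSTAT_RE = re.compile(r"^(tcp6?|udp6?)\s+\d+\s+\d+\s+(\S+)\s+(\S+)(?:\s+(\S+))?")


def find_suspect_libs(file_listing: str) -> list[str]:
    """Return every path in the listing whose basename is a known backdoor library."""
    return [
        path.strip()
        for path in file_listing.splitlines()
        if path.strip().rsplit("/", 1)[-1] in SUSPECT_LIBS
    ]


def _remote_ip(endpoint: str):
    """Strip the port from 'host:port' and fold ::ffff:a.b.c.d back to IPv4."""
    host = endpoint.rsplit(":", 1)[0]
    try:
        ip = ip_address(host)
    except ValueError:  # '*', hostnames, malformed columns
        return None
    return getattr(ip, "ipv4_mapped", None) or ip


def idle_remote_hosts(netstat_output: str, min_conns: int = 3) -> dict[str, int]:
    """Count live sessions to non-local hosts; report those at or above min_conns.

    A box that is supposedly idle yet keeps several sessions open to the same
    outside host is the 'abnormal internet activity' sign from the checklist.
    TCP rows count only in ESTABLISHED; UDP rows have no state and always count.
    """
    counts: Counter = Counter()
    for line in netstat_output.splitlines():
        m = NETSTAT_RE.match(line.strip())
        if not m:
            continue
        proto, _local, foreign, state = m.groups()
        ip = _remote_ip(foreign)
        if ip is None or any(ip in net for net in LOCAL_NETS):
            continue
        if proto.startswith("tcp") and state != "ESTABLISHED":
            continue
        counts[str(ip)] += 1
    return {host: n for host, n in counts.items() if n >= min_conns}


def triage(file_listing: str, netstat_output: str) -> dict:
    """Combine both checks into one verdict for the device."""
    libs = find_suspect_libs(file_listing)
    hosts = idle_remote_hosts(netstat_output)
    return {"suspect_libs": libs, "idle_hosts": hosts, "suspicious": bool(libs or hosts)}


# Constructed sample artifacts (not captured from a real device).
SAMPLE_LISTING = """\
/system/lib/libc.so
/system/lib64/libbinder.so
/vendor/lib/libanl.so
/system/app/Launcher/Launcher.apk
"""

SAMPLE_NETSTAT_IDLE = """\
Proto Recv-Q Send-Q Local Address             Foreign Address           State
tcp        0      0 192.168.1.37:44312        203.0.113.10:443          ESTABLISHED
tcp        0      0 192.168.1.37:44318        203.0.113.10:443          ESTABLISHED
tcp        0      0 192.168.1.37:44320        203.0.113.10:443          ESTABLISHED
tcp        0      0 192.168.1.37:50002        198.51.100.7:8080         ESTABLISHED
tcp        0      0 192.168.1.37:50010        192.168.1.1:53            TIME_WAIT
tcp6       0      0 ::ffff:192.168.1.37:51000 ::ffff:203.0.113.10:443   ESTABLISHED
udp        0      0 192.168.1.37:5353         0.0.0.0:*
"""

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING, SAMPLE_NETSTAT_IDLE))
```

Collect the two artifacts with `adb shell find /system /vendor /product -type f > listing.txt` and, after leaving the box untouched for a few minutes, `adb shell netstat -tun > idle.txt`, then pass the file contents to `triage()`. The library check is only as good as the indicator list, so treat it as confirmation rather than proof of absence; the idle-traffic check is the more durable signal, because a proxy node has to hold sessions open to its operators whatever the backdoor on a given batch of firmware is called.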
To protect yourself from this threat, experts recommend:
- Avoid purchasing extremely cheap or unbranded devices
- Choose products from reputable manufacturers that ship regular firmware updates and clear security documentation
- Verify the legitimacy of sellers and product reviews before making a purchase
- Check whether the device is Play Protect certified (shown under Settings > About in the Play Store app); an uncertified device has never passed Google's checks, and that is the category in which these infections are found
Because BADBOX 2.0 lives in the system image rather than in user data, a factory reset does not touch it, and there is no reliable clean-up short of reflashing trusted firmware, which most of these devices do not offer. Prevention at purchase time is therefore the main defence; a device already suspected of infection should be taken off the network rather than "cleaned" and kept.
Source https://hackread.com/badbox-2-0-preinstalled-android-iot-devices-worldwide/