Google has filed a federal lawsuit in New York targeting the perpetrators of the BadBox 2.0 botnet, which is believed to be the largest known botnet of internet-connected televisions and Android devices to date.
The company’s latest efforts, developed in partnership with cybersecurity firms HUMAN Security and Trend Micro, follow a comprehensive investigation that uncovered a sprawling network of over 10 million compromised Android-based devices worldwide.
Collaboration with HUMAN Security
The BadBox 2.0 operation focused on inexpensive, uncertified smart TVs and set-top boxes powered by the Android Open Source Project (AOSP).
Unlike Google-certified Android devices, AOSP-based hardware often ships without Google’s Play Protect security suite and other official defenses, leaving them particularly vulnerable to exploitation.
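The trait the paragraph above describes (an AOSP box that ships without Google Play Services, and so without Play Protect) can be checked from a workstation with adb. The script below is an added example written for this page, not tooling from Google, HUMAN Security or Trend Micro. It treats three observable facts as a heuristic: whether the package `com.google.android.gms` (which carries Play Protect) is installed, whether the firmware is signed with AOSP `test-keys`, and the value of the `package_verifier_enable` global setting. It assumes `adb` is on PATH with one device attached when run with `--live`; the sample inputs at the bottom are constructed, not captured from a real device. The authoritative status remains the "Play Protect certification" entry in the Play Store app's settings; this is a triage aid for boxes that may not even have the Play Store.

```shell
#!/usr/bin/env bash
# Added example (not code from the article or from Google/HUMAN/Trend Micro).
# Flags the traits the article ties to BadBox-prone hardware:
#   1. no Google Play Services => no Play Protect (com.google.android.gms absent)
#   2. firmware signed with AOSP test keys (ro.build.tags contains "test-keys")
# and reports the package_verifier_enable setting (assumed to be set on the box).
# Assumption: `adb` is on PATH and exactly one device is attached for --live.

# Pure functions take the raw adb output as strings, so they can be exercised
# offline on constructed input.

# has_package "<pm list packages output>" "<package name>"
has_package() {
  printf '%s\n' "$1" | grep -qxF "package:$2"
}

# build_tags_risk "<ro.build.tags value>" -> prints high|low
build_tags_risk() {
  case "$1" in
    *test-keys*) echo high ;;
    *)           echo low ;;
  esac
}

# triage "<pm list packages output>" "<ro.build.tags>" "<package_verifier_enable>"
# Prints: PLAY_PROTECT=yes|no VERIFIER=on|off|unknown BUILD_KEYS=high|low VERDICT=...
triage() {
  pkgs="$1"; tags="$2"; verifier="$3"
  if has_package "$pkgs" com.google.android.gms; then pp=yes; else pp=no; fi
  case "$verifier" in
    1) ver=on ;;
    0) ver=off ;;
    *) ver=unknown ;;   # "null" when the setting was never written
  esac
  risk=$(build_tags_risk "$tags")
  # Either missing Play Services or a test-keys build is enough to treat the
  # box as uncertified for the purposes of this triage.
  if [ "$pp" = no ] || [ "$risk" = high ]; then
    verdict=uncertified-likely
  else
    verdict=certified-likely
  fi
  echo "PLAY_PROTECT=$pp VERIFIER=$ver BUILD_KEYS=$risk VERDICT=$verdict"
}

# Live mode: pull the three facts from the attached device.
if [ "${1:-}" = "--live" ]; then
  pkgs=$(adb shell pm list packages | tr -d '\r')
  tags=$(adb shell getprop ro.build.tags | tr -d '\r')
  verifier=$(adb shell settings get global package_verifier_enable | tr -d '\r')
  triage "$pkgs" "$tags" "$verifier"
fi

# Constructed sample inputs (not captured from any real device).
CERTIFIED_PKGS='package:com.android.settings
package:com.google.android.gms
package:com.google.android.youtube'
UNCERTIFIED_PKGS='package:com.android.settings
package:com.android.launcher3'
```

Run `bash triage.sh --live` against an attached box; a `VERDICT=uncertified-likely` line means Play Protect is not there to catch preloaded malware, so any further review has to rely on network monitoring and inspection of the preinstalled packages rather than on the device's own defenses.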
Researchers discovered that cybercriminals pre-installed malicious software directly onto these devices prior to consumer purchase.
This preloading enabled attackers to enroll devices in a massive botnet from the moment they were activated, unbeknownst to end-users.
Compromised devices were leveraged to conduct a range of criminal activities, with large-scale advertising fraud at the core of the operation.
By automating fake ad traffic and manipulating the digital advertising ecosystem, the operators behind BadBox 2.0 generated significant illicit profit while exposing advertisers, publishers, and users to broad financial and security risks.
The malware also facilitated other forms of digital crime, including data exfiltration and potential attacks on other devices sharing the home or business network to which an infected box is connected.
Federal Lawsuit and Enhanced Protections
Google’s Ad Traffic Quality team collaborated with global law enforcement and its cybersecurity partners to track the evolution of the botnet’s tactics and infrastructure. Swift action was taken to neutralize BadBox 2.0’s immediate threat.
Key measures included updates to Google Play Protect, the company's built-in malware and unwanted-software protection service, which now automatically detects and blocks applications associated with the BadBox family of malware.
This move aims to secure user devices already at risk and prevent further infections via the Android ecosystem.
In parallel with these technical interventions, Google has initiated legal proceedings against those responsible, marking a strategic shift in its efforts to holistically dismantle the criminal enterprise.
The federal lawsuit filed in New York seeks not only to hold the operators accountable but also to sever their ability to profit from the botnet through injunctive relief and potential asset seizure.
The company asserts that such legal actions, when combined with continued technical vigilance, provide a powerful deterrent against future attacks on consumers and the broader digital ecosystem.
The scale and sophistication of BadBox 2.0 have drawn the attention of federal authorities. The FBI has issued a public alert regarding the threat posed by this malware campaign and is actively coordinating with Google to further disrupt the botnet’s operations.
The collaborative response highlights the increasing convergence of public and private sector resources in combatting sophisticated cyber threats that cross international borders.
Moving forward, Google reiterates its commitment to advancing device security, especially for the low-cost, less-regulated segments of the Android device market where uncertified hardware is common.
The company urges manufacturers, sellers, and consumers to prioritize the use of certified devices equipped with robust malware protections while advocating for stricter supply chain security protocols.
As threat actors continue to innovate, relying on weaker links in the device ecosystem, Google’s latest legal and technical efforts represent a comprehensive push to fortify the integrity of connected environments globally.