Faced with the resurgence of cybersecurity threats, Google earlier launched a crackdown on the operators behind BadBox 2.0, one of the world's largest smart TV botnets.File a lawsuitThis lawsuit not only exposes cybercrime activities involving China, but also involves more than 1000 million uncertified Android devices that have been infected with malware or remotely infected, becoming tools for digital crime and advertising fraud.
According to information provided by Google to the court, the compromised devices included smart TV streaming boxes, tablets, and mini projectors, most of which were built on open versions of the Android operating system. These devices were either pre-installed with malicious software or had other backdoors downloaded through fake apps, turning them into remotely controlled zombie nodes, enabling large-scale click fraud, ad scams, and other illegal activities.
In response to this wave of attacks, Google not only initiated legal proceedings but also simultaneously upgraded Google Play Protect, which can now proactively block suspicious apps or download sources related to BadBox 2.0. This protective measure can help immediately prevent malicious attacks from spreading to more devices.
The FBI has also joined the investigation and issued an official warning last month, stating that the cyber activities involved in BadBox 2.0 have reached the scale of cross-border crime. The investigation has now expanded to include international cooperation, with the goal of fully dismantling the botnet's operational structure.
BadBox 2.0 isn't new. Its predecessor, BadBox, was first discovered in 2023 and also targeted the Android platform. It went on hiatus in 2024, but has returned with a more subtle attack and a dramatically expanded reach. Its sheer scale and sheer number of infected devices are reminiscent of the Glupteba cyberattack, which Google spearheaded in 2021 and compromised over a million Windows PCs.
For Google, combating such botnets is not only about protecting user safety, but also about the trust and stability of the entire Android ecosystem.
