
Google sues to shut down BadBox 2.0 botnet affecting 10M devices

Summary

Google has sued the operators of the BadBox 2.0 malware botnet for running an ad fraud scheme targeting its advertising platforms.
– The botnet infects Android devices, including smart TVs and streaming boxes, either through pre-infected hardware or malicious apps, creating a backdoor for attackers.
– Compromised devices are used as residential proxies or for ad fraud, including hidden ad rendering, fake web-based games, and search ad click fraud.
– Despite previous disruptions, BadBox 2.0 has infected over 10 million devices globally, with Google terminating thousands of linked publisher accounts.
– Google seeks damages and a permanent injunction under U.S. laws, as the anonymous defendants are believed to be based in China.

Google has taken legal action to dismantle a sophisticated Android malware network known as BadBox 2.0, which has compromised millions of devices worldwide. The tech giant alleges the botnet operators engaged in large-scale ad fraud schemes targeting its advertising platforms, causing significant financial harm.

The BadBox 2.0 malware primarily targets Android Open Source Project (AOSP) devices, including budget smart TVs, streaming boxes, and other internet-connected gadgets lacking robust security measures. Cybercriminals infect these devices either by preloading malware onto cheap hardware before resale or by tricking users into downloading malicious apps. Once installed, the malware establishes a backdoor connection to remote servers, allowing attackers to control compromised devices remotely.

These hijacked devices are then repurposed into a botnet, performing fraudulent activities such as acting as residential proxies for other cybercriminals or executing ad fraud schemes. Google’s lawsuit specifically highlights three primary methods used by the botnet to exploit its advertising systems:

Hidden ad rendering: Malicious apps secretly installed on infected devices load ads in the background on attacker-controlled websites, generating illegitimate revenue.

In late 2024, German authorities successfully disrupted the original BadBox botnet by intercepting its command-and-control communications. However, the cybercriminals quickly rebranded their operation, launching BadBox 2.0, which has since infected an estimated 10 million devices globally, with over 170,000 compromised devices reported in New York alone.

Google has already shut down thousands of fraudulent publisher accounts linked to the scheme but warns that the botnet continues to expand. The company emphasizes that without intervention, the operation will only grow more sophisticated, using illicit profits to develop new malware variants and expand its reach.

Since the perpetrators remain unidentified and are believed to operate from China, Google is pursuing legal action under U.S. laws, including the Computer Fraud and Abuse Act and the RICO Act. The lawsuit seeks financial damages and a court order to dismantle the botnet’s infrastructure, preventing further spread of the malware.

As part of its complaint, Google has identified more than 100 domains associated with the cybercrime operation, aiming to disrupt the network’s operations permanently. The case underscores the growing challenge of combating large-scale digital fraud and the need for coordinated legal and technical countermeasures.

(Source: Bleeping Computer)
