BadBox Malware Infects Close To 200,000 Android Devices

badbox-malware-infects-close-to-200,000-android-devices
BadBox Malware Infects Close To 200,000 Android Devices

There are many Android TV boxes out there for sale. Some are surprisingly cheap. Before you consider pulling the trigger on that cheap Android TV box, think again. This is because according to a report from the researchers at BitSight, the BadBox malware is back and that it has managed to infect close to 200,000 devices so far.

What is BadBox?

BadBox is an Android malware that is thought to be based on the “Triada” malware family. It infects devices made by lesser-known manufacturers. The attackers achieve this infection by targeting the supply chain, either by compromising the firmware used by manufacturers or by having employees manually install the malware on the devices.

One of the main purposes of the BadBox malware is to perform ad fraud or turn your device into a residential proxy. The attackers rent out these proxies to other users, who then use your device to conduct cyberattacks or fraudulent activities. This includes creating email or messenger accounts and using it for misinformation.

It can even go one step further by installing malicious payloads for more dangerous activities.

Not quite dead

BadBox is not a newly-discovered malware. In fact, it was originally discovered back in April 2023. This is when searcher Daniel Milisic bought a “T95” Android TV box. Milisic became suspicious of the device when it started to communicate with unknown websites. HUMAN’s Satori Threat Intelligence and Research Team later corroborated this and published their own comprehensive report on BadBox and PeachPit botnet operations.

See also  Tapo Intros A Palm-Scanning Door Lock At CES 2025

Researchers initially believed the BadBox botnet was dead after a sinkhole operation. Unfortunately, this recent report suggests it is alive and well and infecting more devices than ever.

The dangers of cheap, unknown devices

One of the appeals of Android is that it is open source, it allows companies to make all kinds of devices with it. This has resulted in all kinds of off-brand Android-powered devices like TV boxes, phones, media players, tablets, and more. Most of these devices tend to be extremely cheap, which might explain its appeal.

This doesn’t mean that higher-end products are immune to malware. In fact, researchers found that some devices made by Yandex contained the malware. The takeaway is, if something is too good to be true, there might be a catch. So the next time you are considering picking up the $50 Android TV box, perhaps spending a bit more on a more reputable brand could save you the headache.