
Pre-installed Android malware BADBOX gets a 2.0 update, infects 1M devices

The infamous BADBOX botnet has received a major upgrade. Version 2.0 of the malware now affects over one million consumer devices, which phone home to servers in China and wait for attack instructions. The malware comes preinstalled on cheap, off-brand Android devices.

Ernestas Naprys, Senior Journalist
Mar 5, 2025 | 3 min read

What is BADBOX 2.0 used for?

Four groups are linked to the operation:
  • SalesTracker Group is responsible for the initial BADBOX operation and staged and managed the command-and-control (C2) infrastructure for BADBOX 2.0.
  • MoYu Group developed the BADBOX 2.0 backdoor, coordinated the backdoor variants and the devices they would be installed on, operated a botnet made up of a subset of BADBOX 2.0-infected devices, ran a click fraud campaign, and staged the capabilities to run a programmatic ad fraud campaign.
  • Lemon Group is connected to the residential proxy services built on the BADBOX operation and to an ad fraud campaign run across a network of HTML5 (H5) game websites using BADBOX 2.0-infected devices.
  • LongTV is a brand run by a Malaysian internet and media company that operates connected TV (CTV) devices and makes apps for them. Some of its apps are linked to ad fraud using an “evil twin” technique, in which malicious apps are disguised as legitimate ones.