![\"FBI](\"https:\/\/www.newsbeep.com\/uk\/wp-content\/uploads\/2025\/07\/1753563972_271_960x0.jpg\")
<\/p>\n<\/p>\n
Discconnect now, FBI warns 10 million Android users.<\/p>\n
NurPhoto via Getty Images <\/p>\n
Update, July 26, 2025: This story, originally published on July 25, has been updated with a statement from the researchers which initially disclosed and disrupted the BadBox 2.0 operation that the FBI and Google are tackling head-on. <\/p>\n
In March, I reported that one of the largest botnets of its kind ever detected had impacted over a million Android devices<\/a>. That massive attack was known as BadBox, but it has now been eclipsed by BadBox 2.0<\/a>, with at least 10 million Android devices infected. Google has taken action to protect users as best it can, as well as launching legal action against the attackers, and the FBI has urged impacted users to disconnect their devices from the internet. Here\u2019s what you need to know.<\/p>\n ForbesFBI Confirms Phantom Hacker Warning For All Android And iPhone UsersBy Davey Winder<\/a><\/p>\n The FBI, Google And Others Warn Of Android BadBox 2.0 Attacks<\/p>\n The FBI cybersecurity alert, I-060525-PSA<\/a>, could not have been clearer: ongoing attacks are targeting everything from streaming devices, digital picture frames, third-party aftermarket automobile infotainment systems and other assorted home smart devices. The devices, all low-cost and uncertified, mostly originating in China, allow attackers to access your home network and beyond by, the FBI warned, \u201cconfiguring the product with malicious software prior to the user\u2019s purchase.\u201d It has also been noted, however, that mandatory \u201csoftware updates\u201d during the installation process can also install a malicious backdoor.<\/p>\n Point Wild\u2019s Threat Intelligence Lat61 Team reverse-engineered <\/a>the BadBox 2 infection chain and, as a result, uncovered new indicators of compromise that have been shared with global Computer Emergency Response Teams, as well as law enforcement. \u201cThis Android-based malware is pre-installed in the firmware of low-cost IoT devices, smart TVs, TV boxes, tablets, before they even leave the factory,\u201d Kiran Gaikwad from the LAT61 team said, \u201cIt silently turns them into residential proxy nodes for criminal operations like click fraud, credential stuffing, and covert command and control (C2) routing.\u201d<\/p>\n Google, meanwhile, confirmed in a July 17 statement<\/a> that it had \u201cfiled a lawsuit in New York federal court against the botnet\u2019s perpetrators.\u201d Google also said that it has \u201cupdated Google Play Protect, Android\u2019s built-in malware and unwanted software protection, to automatically block BadBox-associated apps<\/a>.\u201d<\/p>\n ForbesMicrosoft\u2019s Critical Password Warning \u2014 Users Have 5 Days To ActBy Davey Winder<\/a><\/p>\n Human Security Behind Initial BadBox 2.0 Disclosure And Disruption<\/p>\n Human Security, whose Satori Threat Intelligence and Research Team originally both disclosed and disrupted the BadBox 2.0 threat campaign, said at the time that researchers believed<\/a> \u201cseveral threat actor groups participated in BadBox 2.0, each contributing to parts of the underlying infrastructure or the fraud modules that monetize the infected devices, including programmatic ad fraud, click fraud, proxyjacking, and creating and operating a botnet across 222 countries and territories.\u201d If nothing else, that provides some context to the scale of this campaign.<\/p>\n Now, Stu Solomon, the Human Security CEO, has issued the following statement: \u201cWe applaud Google\u2019s decisive action against the cybercriminals behind the BadBox 2.0 botnet our team uncovered. This takedown marks a significant step forward in the ongoing battle to secure the internet from sophisticated fraud operations that hijack devices, steal money, and exploit consumers without their knowledge. Human\u2019s mission is to protect the integrity of the digital ecosystem by disrupting cybercrime at scale, and this effort exemplifies the power of collective defense. We\u2019re proud to have been deeply involved in this operation, working in close partnership with Google, TrendMicro, and the Shadowserver Foundation. Their collaboration has been invaluable in helping us expose and dismantle this threat.\u201d<\/p>\n