This Android Malware Attacks Smart Home Devices Within the Internet of Things

A widespread malware campaign is currently affecting millions of smart home devices, including TVs, streaming boxes, and tablets running Android software. A recent FBI alert warns consumers about the BADBOX 2.0 botnet, which is spreading via the Internet of Things (IoT) and giving attackers access to home networks to carry out malicious activity.

Here’s what you need to know to protect your system and devices from BADBOX 2.0.

How BADBOX 2.0 works

BADBOX 2.0 is a malware campaign targeting consumer devices, most of which are low-cost “non-branded” smart home electronics such as smart TVs, digital projectors, photo frames, and tablets running the Android Open Source Project (AOSP). Once infected, the devices connect to the attackers’ command-and-control servers and become part of a botnet.

According to a report by HUMAN’s Satori Threat Intelligence and Research group, attacks can come in a variety of forms: programmatic advertising and click fraud, in which ads are downloaded and clicked in the background to generate revenue; and residential proxy services that allow account takeovers, create fake accounts, steal one-time passwords, and distribute malware. For example, attackers can route traffic through the victim’s home IP address to hide malicious activity or use the stolen data in credential stuffing attacks.

The current threat is an evolution of the original BADBOX malware, first identified in 2023, which was pre-loaded on devices before purchase. BADBOX 2.0 can be distributed through malicious Android apps found on Google Play and third-party app stores. The malware can also be downloaded from attack servers and installed on first run.


The scheme has affected over a million devices worldwide, all of them manufactured in China and running AOSP. At this point, none of the known infected devices are particularly mass-produced models (they are Android devices that are not Play Protect certified), but they are still popular in many countries, and there is nothing to stop the malware from spreading to other models.

How to prevent BADBOX 2.0 infection

If you have any devices known to be affected by BADBOX 2.0, you should definitely look for signs of malicious activity. According to the FBI notice, possible indicators include unexplained or suspicious internet traffic, the presence of suspicious app stores, and Google Play Protect settings being turned off. You should also be careful when purchasing or connecting streaming devices sold as “unlocked,” Android devices that are not Play Protect certified, and IoT devices from brands you don’t recognize.

Other security recommendations include keeping all operating systems up to date with patches and security fixes for known vulnerabilities, and only downloading apps from trusted official marketplaces (don’t fall for “free streaming” apps). You should also monitor network traffic to spot anything suspicious and isolate any devices that may be compromised as quickly as possible.
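One way to act on the advice to monitor network traffic, shown as an added example that is not part of the original article or the FBI notice: a short Python script that profiles DNS queries per device and flags smart home devices that resolve many unrelated domains or are mostly active overnight, which is what a device relaying proxy or ad traffic would look like. It assumes a home router running dnsmasq with query logging enabled; the IP addresses, domain names, thresholds and quiet hours are constructed for illustration and need tuning for a real network.

```python
import re
from collections import defaultdict

# dnsmasq "log-queries" line: "<date> <time> dnsmasq[pid]: query[TYPE] name from client-ip"
QUERY_RE = re.compile(
    r"^\w{3}\s+\d+\s+(\d{2}):\d{2}:\d{2}\s+dnsmasq\[\d+\]: "
    r"query\[\w+\] (\S+) from (\S+)$")

def profile_clients(lines):
    """Per client IP: distinct names queried, total queries, overnight queries."""
    stats = defaultdict(lambda: {"domains": set(), "total": 0, "night": 0})
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m:
            continue  # replies, forwards and malformed lines are ignored
        hour, name, client = m.groups()
        entry = stats[client]
        entry["domains"].add(name.lower().rstrip("."))
        entry["total"] += 1
        if int(hour) < 6:  # assumption: 00:00-05:59 is when the household is idle
            entry["night"] += 1
    return stats

def flag_suspects(stats, watched, max_domains=20, max_night_share=0.5):
    """Return {ip: [reasons]} for watched devices over the assumed thresholds."""
    suspects = {}
    for ip in watched:
        entry = stats.get(ip)
        if entry is None:
            continue  # device made no DNS queries in this log
        reasons = []
        if len(entry["domains"]) > max_domains:
            reasons.append("many distinct domains")
        if entry["night"] / entry["total"] > max_night_share:
            reasons.append("mostly overnight traffic")
        if reasons:
            suspects[ip] = reasons
    return suspects

def constructed_log():
    """Constructed sample: a photo frame (.50) and a smart TV (.60)."""
    frame = [f"Jun 10 03:{i:02d}:07 dnsmasq[512]: query[A] host{i}.example from 192.168.1.50"
             for i in range(30)]
    tv = [f"Jun 10 20:15:{i:02d} dnsmasq[512]: query[A] cdn{i % 3}.example from 192.168.1.60"
          for i in range(12)]
    return frame + tv + ["Jun 10 20:16:00 dnsmasq[512]: reply cdn0.example is 192.0.2.10"]

if __name__ == "__main__":
    print(flag_suspects(profile_clients(constructed_log()),
                        ["192.168.1.50", "192.168.1.60"]))
```

A flagged device is a candidate for the isolation step above, not proof of infection; a streaming box legitimately contacts more domains than a photo frame.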
