Google has filed a lawsuit in New York federal court against the operators of the BadBox 2.0 botnet, marking a significant escalation in the tech giant’s fight against cybercriminal networks. The malware campaign represents the largest known botnet of internet-connected television devices, compromising over 10 million uncertified [Android devices](https://cybersecuritynews.com/microsoft-bans-android-devices/) worldwide.

BadBox 2.0 emerged as a sophisticated threat targeting devices running Android’s open-source software without Google’s integrated security protections. The malware operators took advantage of the absence of those protections on uncertified devices, pre-installing malicious code that remained dormant until activation. This approach allowed cybercriminals to establish persistent access to millions of connected TVs and [streaming devices](https://cybersecuritynews.com/40000-internet-connected-cameras-exposed/) across global networks.

The botnet’s primary attack vector involved manufacturing partnerships with device producers who unknowingly distributed compromised hardware. Once deployed in consumer environments, the infected devices conducted large-scale ad fraud operations, generating illegitimate revenue streams while remaining largely undetected by users.

Google researchers [identified](https://blog.google/technology/safety-security/google-taking-legal-action-against-the-badbox-20-botnet/) the malware’s sophisticated evasion techniques, which included mimicking legitimate network traffic patterns and operating during low-usage periods. Google analysts working alongside HUMAN Security and Trend Micro researchers noted the malware’s advanced persistence mechanisms during their investigation. The collaborative effort revealed BadBox 2.0’s ability to maintain command-and-control communications through encrypted channels, making traditional network monitoring ineffective.

**Infection Mechanism and Persistence Architecture**

The malware’s infection mechanism relies on firmware-level integration during the manufacturing process. BadBox 2.0 embeds itself within the Android Open Source Project framework, establishing deep system-level access that survives factory resets. The malware creates hidden service processes that communicate with remote servers, enabling operators to push additional payloads and update [attack strategies](https://cybersecuritynews.com/5-strategies-for-mitigating-the-impact-of-cybersecurity-attacks-on-public-services/) dynamically.

Google’s Ad Traffic Quality team has since updated Google Play Protect to automatically identify and block BadBox-associated applications, while the FBI continues coordinating with international law enforcement agencies.

The post [Google Sued BadBox 2.0 Malware Botnet Operators That Infects 10 Million+ Devices](https://cybersecuritynews.com/google-sued-badbox-2-0-malware-botnet-operators/) appeared first on [Cyber Security News](https://cybersecuritynews.com).