BadBox 2.0

Google Fights Back Against Massive Android Malware Network


Imagine buying a new Android device, excited to use it, only to discover it's already infected with malware before you even turn it on. That's the harsh reality for millions of people who unknowingly purchased devices compromised by BadBox 2.0, a massive botnet. Google is now taking legal action to shut down this operation.

Google's lawsuit in New York targets the people behind BadBox 2.0, which the company says is the largest known botnet targeting internet-connected TVs and other Android devices. The scale is staggering: over ten million devices compromised. These weren't your premium Android TVs or high-end tablets. We're talking about off-brand streaming boxes, cheap digital projectors, and low-cost tablets, often running a version of Android that lacks Google's security features. Many were sold under obscure brand names, with the malware pre-installed.

Once these infected devices connect to the internet, they become part of a hidden network controlled by cybercriminals. They're used for ad fraud, simulating fake clicks to steal money from advertisers. Even worse, some are sold as "residential proxies," allowing criminals to hide their online activity behind the IP addresses of unsuspecting users. It's like your device is secretly helping them commit crimes!

This botnet was discovered through a joint effort by Google, HUMAN Security, and Trend Micro. Google's team detected the suspicious activity early on, blocking malicious traffic and shutting down thousands of accounts attempting to profit from the scheme. Google Play Protect now detects and blocks apps exhibiting BadBox behavior, even if they're installed from outside the Play Store. That's a relief!

The FBI has issued a warning, urging people to inspect their connected devices for signs of tampering, particularly if they're from unfamiliar brands or required disabling Google Play Protect during setup. The FBI says most of these devices were made in China and either came with pre-installed malware or were infected soon after setup through malicious apps from unofficial sources. This is a good example of why I always recommend that my friends buy well-known brands, even if they are more expensive. Sometimes, the cheapest option may end up being too expensive.

By taking legal action, Google aims to hold the responsible parties accountable. While its security measures have limited the damage, the case serves as a crucial reminder that the low price of a budget streaming device might hide a much bigger cost. It's a wake-up call to be more cautious about the devices we bring into our homes.

Source: AndroidAuthority