Google has filed a lawsuit against the alleged operators of BadBox 2.0, a massive China-based botnet that has compromised over 10 million uncertified Android devices globally — including TV streaming boxes, tablets, and projectors. The tech giant accuses the group of orchestrating large-scale ad fraud and other cybercrimes through malware-laced hardware and apps.
According to Google’s complaint, the infected devices were primarily running open-source versions of Android. Malware was either pre-installed before sale or delivered through malicious apps downloaded after purchase. Once compromised, the devices became part of a coordinated botnet that generated fake ad traffic and potentially exposed users to further cyberattacks.
Google is seeking an injunction to block the operators, unspecified damages, and legal authority to take down components of the BadBox infrastructure. The company has also updated Google Play Protect, its built-in Android security service, to automatically detect and block apps linked to the BadBox campaign.
The FBI is also actively investigating and attempting to dismantle the botnet. A federal alert about BadBox 2.0 was issued last month. The original BadBox campaign was first exposed in 2023 and partially disrupted in 2024, but the new iteration appears to have evolved with greater reach and sophistication.
This isn’t Google’s first confrontation with botnet operators. In 2021, it took down Glupteba, which at the time had infected over a million Windows machines. That case, too, involved a combination of malware distribution, fake ad schemes, and global criminal networks.