Newszop

Your smart TV might be secretly working for criminals, and Google discovered 10 million hacked devices

Google filed a federal lawsuit against 25 Chinese entities operating the BadBox 2.0 botnet, which has infected over 10 million Android devices worldwide through pre-installed malware and fraudulent applications.

The tech giant's legal action in New York federal court seeks to dismantle what researchers call "the largest known botnet of internet-connected TVs" ever discovered. The malicious network primarily targets uncertified Android devices including streaming boxes, tablets, digital projectors, and car infotainment systems manufactured in China.

"The BADBOX 2.0 botnet compromised over 10 million uncertified devices running Android's open-source software, which lacks Google's security protections," Google stated in its complaint filed July 11. "Cybercriminals infected these devices with pre-installed malware and exploited them to conduct large-scale ad fraud and other digital crimes."

Criminal enterprise operates through complex network structure
Court documents reveal the BadBox operation functions through four distinct criminal groups: the Infrastructure Group managing command-and-control servers, the Backdoor Malware Group developing pre-installed malware, the Evil Twin Group creating fraudulent app versions, and the Ad Games Group generating fake advertising revenue.

The botnet generates profits through multiple fraud schemes, including hidden ad loading, click fraud, and creating fake publisher accounts on Google's Ad Network. Infected devices load advertisements without their owners' knowledge, generating revenue for the criminal enterprise while exploiting Google's payment system.

"The sole purpose of the Enterprise's apps and websites is to provide ad space for BADBOX 2.0 bots to generate traffic," Google explained in its complaint, detailing how the operation monetizes compromised devices.

Court grants preliminary injunction against global operations
The federal court has issued a preliminary injunction mandating immediate cessation of botnet operations worldwide. The ruling compels internet service providers and domain registries to actively assist in dismantling the criminal infrastructure by blocking traffic to specified domains.

Google has already updated its Play Protect security system to automatically block BadBox-related applications. The FBI issued warnings about the botnet last month, highlighting its spread through supply chain compromises and malicious app downloads.

Stu Solomon, CEO of HUMAN Security, which assisted in the investigation, praised Google's action: "This takedown marks a significant step forward in the ongoing battle to secure the internet from sophisticated fraud operations that hijack devices, steal money, and exploit consumers without their knowledge."

