Summary: The BadBox Android malware botnet has been severely disrupted through the removal of 24 malicious apps from Google Play and the sinkholing of communications for over half a million infected devices. Known as ‘BadBox 2.0,’ the botnet targets low-cost Android devices, turning them into tools for ad fraud and other malicious activities. Despite these efforts, the botnet continues to pose a significant risk, particularly to devices that are not Play Protect certified, which remain vulnerable to pre-loaded malware.
Affected: BADBOX 2.0 botnet and Android devices globally
Keypoints:
- The disruption operation involved collaboration between HUMAN, Google, Trend Micro, and other security partners.
- Over 1 million devices have been infected, primarily consisting of low-cost Android-based devices sourced from mainland China.
- Google has taken additional steps by enforcing Play Protect rules and terminating publisher accounts involved in ad fraud, but risks remain for non-certified devices.