Google sues operators behind botnet that targeted 10M Android devices
BadBox 2.0 is a massive botnet based in China

Jul 18, 2025
06:34 pm

What's the story

Google has filed a lawsuit against the alleged operators of BadBox 2.0, a massive botnet based in China. The tech giant claims that the network has compromised over 10 million uncertified Android devices globally, including TV streaming boxes, tablets, and projectors. The lawsuit accuses the group of conducting large-scale ad fraud and other cybercrimes using malware-infected hardware and apps.

Cyber attack

How the BadBox campaign works

Google's complaint highlights that the compromised devices were mostly running open-source versions of Android. The malware was either pre-installed before sale or delivered through malicious apps downloaded after purchase. Once infected, these devices became part of a coordinated botnet that generated fake ad traffic and possibly exposed users to further cyberattacks.

Response

What Google is seeking through the lawsuit

Google is seeking unspecified damages and an injunction to block the operators. The company also wants legal authority to take down parts of the BadBox infrastructure. In response to this threat, Google has updated its built-in Android security service, Google Play Protect, to automatically detect and block apps linked to the BadBox campaign.

Ongoing investigation

FBI also investigating the matter

The Federal Bureau of Investigation (FBI) is also investigating and working to take down the botnet. A federal alert about BadBox 2.0 was issued last month. The original BadBox campaign was first exposed in 2023 and partially disrupted in 2024, but this new iteration seems to have evolved with greater reach and sophistication than its predecessor.

Information

Google has tackled similar threats before

This isn't the first time Google has gone up against botnet operators. In 2021, it took down Glupteba, which had infected over a million Windows machines at the time. That case also involved a mix of malware distribution, fake ad schemes, and global criminal networks.