Google has filed a lawsuit in New York to shut down a massive malware operation that has infected over 10 million Android devices worldwide, including TV streaming boxes, tablets, and digital projectors.
The malware, known as “BadBox 2.0,” operates as a botnet – an army of infected devices that can be controlled remotely by cybercriminals. Google described it as “already the largest known botnet of internet-connected TV devices” and warned it continues to grow daily.
“Without warning, it could be used to commit more dangerous cybercrimes, such as ransomware or distributed denial-of-service (DDoS) attacks,” Google stated in court documents filed Thursday.
The threat spreads through low-cost, no-name Android devices manufactured in China. The malware is either preinstalled on devices or downloads as fake apps during setup through unofficial app stores. Hackers then sell access to infected devices to other cybercriminals, providing them with launching pads for attacks in the US and other countries.
Security researchers first reported the threat in March, followed by an FBI warning last month. However, the FBI only said “millions” of devices were affected without providing specific numbers.
Google’s lawsuit identifies several affected device models, including Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9. The malware targets devices running open-source versions of Android that lack Google’s security protections.
The lawsuit alleges the hackers behind BadBox 2.0 are based in China and include at least 25 individuals or entities, though their identities remain unknown. Google is requesting a permanent injunction to force internet services tied to the malware to cease operations.
The legal action targets dozens of internet domains operated by Cloudflare, GoDaddy, and NameCheap that Google has linked to the malware’s command-and-control servers. Shutting down these servers would disrupt the botnet’s operations.
Beyond its potential for serious cybercrimes, BadBox 2.0 currently generates fraudulent clicks for mobile advertisements, creating revenue for the criminal operation. “BadBox 2.0 is particularly dangerous not only due to its scale, but also its flexibility,” the lawsuit states.
Google advises owners of affected devices to disconnect them from the internet. The company said the lawsuit “enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud.”
