Google Sues Badbox Creators In China To Stop Them

Google sues the Chinese hackers responsible for the Badbox virus

Although you have probably not heard much about it, there is a malware that has spread silently across Android: Badbox, malicious software that has infected at least ten million devices worldwide, creating one of the largest botnets on record.

Google managed to contain it with the help of other IT security companies, reducing both its danger and its capacity to spread. However, the company has decided to go further in order to teach its creators a lesson. That is why Google has sued the Chinese hackers responsible for the Badbox virus, and they will pay a very high price when they are caught.

For Google, the only way to stop Badbox is to go all in, because there are also companies involved.

Google Wants To Take Down The Badbox Botnet

As mentioned above, the Badbox botnet is one of the largest recorded in recent years and is a problem that is not yet under control. Yes, there have been actions that helped contain it, but Google is going further.

In fact, Google itself warned: “If the Badbox 2.0 scheme is not dismantled, it will continue to proliferate (…), producing new devices and malware to increase its criminal activity.”

For this and more, Google has decided to sue Badbox’s Chinese creators, although it is not absolutely certain of their identity. The case was filed this week in federal court in the State of New York, in the United States, citing the Computer Fraud and Abuse Act as well as the Racketeer Influenced and Corrupt Organizations Act.

No details of the complaint are known, but Google is known to be seeking compensation for damages. It has also requested a court order against the people involved, with the aim of dismantling the infrastructure behind Badbox.

And if you are wondering, “How can it sue anyone and be effective if the identity of the people involved is not known?”, the truth is that it is quite simple, because there are some clues. Google, together with HUMAN Security, Trend Micro and other computer security companies, managed to determine the following:

  • Those responsible are located in China, since that is where the identified infected devices originate.
  • The infected devices are manufactured and/or distributed by four groups of companies, namely: Salestracker Group, Moyu Group, Lemon Group and Longtv.
  • All the groups involved maintain some relationship with the botnet’s C2 domains or with betting portals used in the criminal structure.

Therefore, everything indicates that the four groups mentioned above are actively involved in the Badbox scheme and are not victims. But with all this said, what makes this malware so dangerous?

What is Badbox and why is it so dangerous? A little context


At the end of 2023, it was discovered that Android devices shipped from China were infected with the Badbox Trojan. Either that, or they were infected during initial setup by downloading malicious apps in the background without the user’s knowledge.

There are records of tablets, cell phones, smart TVs, TV boxes, projectors, car infotainment systems, digital photo frames and other Android devices, but they all had some things in common:

  • Very low prices that made them very attractive to consumers and, therefore, easy prey.
  • None of them had Google Play Protect certification, so they had not passed the numerous security checks that certification implies.

The distribution of Badbox through this method reached more than a million devices in 222 countries or territories worldwide, according to HUMAN Security’s records. However, the launch of Badbox 2.0 led the new botnet to exceed ten million infected devices by April 2025, a gigantic figure. The goal of this malware? Several, some more serious than others:

  • Ad fraud: hidden loading of ads from Google Ads and other platforms on websites and creator content.
  • Click fraud: running scripts in the background to collect from platforms that pay for ad clicks.
  • Residential proxy services: used to coordinate DDoS attacks, distribute malware, create fake accounts or steal credentials.
  • Control of infected devices: installing other malicious software on them or stealing sensitive data from them.

All this is possible because Badbox is a Trojan that connects compromised devices to a command-and-control (C2) server, leaving them at the mercy of the hackers who run it.

The original Badbox botnet has been completely dismantled since December 2024. In addition, Google Play Protect blocks any app that carries its malicious code, and the same goes for Badbox 2.0. However, Badbox 2.0 has not been fully brought under control and continues to wreak havoc, so Google decided to act more forcefully.

Will they halt the growth of this botnet and catch the people involved? I hope so, because it would be good for everyone. However, this case is also an example of the saying that not everything that glitters is gold, and that if something seems too good to be true, it probably hides something.
