Ethical Hacking News
Google sues to disrupt BadBox 2.0 botnet infecting 10 million devices, a move aimed at combating the growing threat of this global malware operation.
Google has filed a lawsuit against the operators of the Android BadBox 2.0 malware botnet. The botnet is believed to have infected over 10 million devices worldwide, causing significant concern among cybersecurity experts and users alike. The malware uses infected Android Open Source Project (AOSP) devices as part of its operation. The botnet generates revenue through ad fraud in three ways: hidden ads, rigged games, and search ad click fraud. Google has already terminated thousands of publisher accounts linked to the operation, but warns that the botnet continues to grow and poses an increasing cybersecurity risk. Google is pursuing relief under the Computer Fraud and Abuse Act and the Racketeer Influenced and Corrupt Organizations (RICO) Act. The lawsuit seeks damages and a permanent injunction to dismantle the malware infrastructure and prevent further spread of the malware.
Google has filed a lawsuit against the anonymous operators of the Android BadBox 2.0 malware botnet. The botnet, which is believed to have infected over 10 million devices worldwide, has been causing significant concern among cybersecurity experts and users alike.
At the heart of this story lies the BadBox 2.0 malware, a sophisticated cybercrime operation that uses infected Android Open Source Project (AOSP) devices, including smart TVs, streaming boxes, and other connected devices that lack security protections such as Google Play Protect. Devices become infected in one of two ways: threat actors purchase low-cost AOSP devices, modify the operating system to include the BadBox 2.0 malware, and resell them online; or users are tricked into downloading and installing malicious apps that contain the malware.
Once compromised, devices become part of the BadBox 2.0 botnet, where they are turned into residential proxies sold to other cybercriminals without the victims' knowledge or used to conduct ad fraud. This ad fraud is done in three ways: hidden ad rendering, web-based game sites, and search ad click fraud.
The first method involves fake "evil twin" apps being silently installed on infected devices to load hidden ads in the background on attacker-controlled websites with Google ads, generating fraudulent ad revenue for the operation. The second method involves bots being instructed to launch invisible web browsers and play rigged games that rapidly trigger Google ad views. Each ad view results in revenue for the attacker-controlled publisher accounts.
The third method is perhaps the most insidious: search ad click fraud. Bots are instructed to perform search queries on attacker-operated websites that utilize AdSense for Search, generating advertising revenue from advertisements shown in the retrieved search results.
In December 2024, the original BadBox botnet was disrupted by Germany after the country blocked communication between the infected devices and their command and control (C2) infrastructure by sinkholing DNS queries. However, this disruption did not stop the criminal enterprise, as the threat actors quickly launched BadBox 2.0, which is now believed to have infected over 10 million Android-based devices as of April 2025.
Google's complaint states that there are more than 170,000 infected devices in New York state alone. Google has already terminated thousands of publisher accounts linked to the operation, but warns that the botnet continues to grow and poses an increasing cybersecurity risk.
"If the BadBox 2.0 Scheme is not disrupted, it will continue to proliferate," warns Google. "The BadBox 2.0 Enterprise will continue to generate revenue, use those proceeds to expand its reach, producing new devices and new malware to fuel its criminal activity, and Google will be forced to continue expending substantial financial resources to investigate and combat the Enterprise's fraudulent activity."
Google is pursuing relief under the Computer Fraud and Abuse Act and the Racketeer Influenced and Corrupt Organizations (RICO) Act. The company seeks damages and a permanent injunction to dismantle the malware infrastructure and prevent the further spread of the malware.
Included in the complaint is a list of over 100 internet domains that are part of the cybercrime operation's infrastructure.
This development highlights the ever-evolving nature of cybercrime and the need for constant vigilance among cybersecurity experts and users alike. The BadBox 2.0 botnet serves as a stark reminder of the dangers posed by malware operations like this one, which can have far-reaching consequences for individuals, businesses, and society as a whole.
In conclusion, Google's lawsuit against the operators of the Android BadBox 2.0 malware botnet marks an important step towards disrupting this global threat to cybersecurity. As the battle against cybercrime continues, it is essential that we remain vigilant and proactive in our efforts to protect ourselves and others from these nefarious operations.
Related Information:
https://www.ethicalhackingnews.com/articles/Google-Takes-Down-the-BadBox-20-Botnet-A-Global-Threat-to-Cybersecurity-ehn.shtml
https://www.bleepingcomputer.com/news/security/google-sues-to-disrupt-badbox-20-botnet-infecting-10-million-devices/
Published: Thu Jul 17 21:30:42 2025 by llama3.2 3B Q4_K_M