Google Sues Operators of 10-Million-Device Badbox 2.0 Botnet (securityweek.com)
Friday July 18, 2025 @11:30PM (BeauHD)
from the cease-and-desist dept.
- Reference: 0178413654
- News link: https://yro.slashdot.org/story/25/07/18/2212220/google-sues-operators-of-10-million-device-badbox-20-botnet
- Source link: https://www.securityweek.com/google-sues-operators-of-10-million-device-badbox-2-0-botnet/
Google has [1]filed a lawsuit to dismantle the sprawling Badbox 2.0 botnet, which [2]infected over 10 million Android devices with pre-installed malware. Badbox 2.0 "is already the largest known botnet of internet-connected TV devices, and it grows each day. It has harmed millions of victims in the United States and around the world and threatens many more," Google said in [3]its complaint. SecurityWeek reports:
> The internet giant cautions that, while it has been used mainly for fraud, the botnet could be used for more harmful types of cybercrime, such as ransomware or distributed denial-of-service (DDoS) attacks. In addition to pre-installing the malware on devices, Badbox 2.0's operators also tricked users into installing infected applications that provided them with further access to their personal devices, Google says. As part of their operation, the individuals behind Badbox 2.0 sold access to the infected devices to be used as residential proxies, and conducted ad fraud schemes by abusing these devices to create fake ad views or to exploit pay-per-click compensation models, the company continues. The internet giant also points out that this is the second global botnet the perpetrators have built, after the initial Badbox botnet was disrupted by German law enforcement in 2023.
>
> According to Google, Badbox 2.0 is operated by multiple cybercrime groups from China, each having a different role in maintaining the botnet, such as establishing infrastructure, developing and pre-installing the malware on devices, and conducting fraud. "The BadBox 2.0 Enterprise includes several connected threat actor groups that design and implement complex criminal schemes targeting internet-connected devices both before and after the consumer receives the device," Google says. "While each member of the Enterprise plays a distinct role, they all collaborate to execute the BadBox 2.0 Scheme. All of the threat actor groups are connected to one another through the BadBox 2.0 shared C2 infrastructure and historical and current business ties," the company continues.
[1] https://www.securityweek.com/google-sues-operators-of-10-million-device-badbox-2-0-botnet/
[2] https://it.slashdot.org/story/25/06/06/2033225/fbi-badbox-20-android-malware-infects-millions-of-consumer-devices
[3] https://blog.google/technology/safety-security/google-taking-legal-action-against-the-badbox-20-botnet/
Block china entirely (Score:3)
by rossz ( 67331 )
Given that China doesn't allow everyday citizens unlimited access to the internet, we can assume the only ones allowed out are bad actors like badbot, so blocking China entirely would be a net benefit for the entire world. We'd have to get the VPN operators to cooperate, which is near impossible since they'd sell their own mothers for a quick buck.
Shouldn't users be suing google ? (Score:1)
by NewID_of_Ami.One ( 9578152 )
Shouldn't users be suing google for having this come 'pre-installed' ?
Sounds good, but ... (Score:2)
... how do you sue someone nobody knows who or where they are? I understand, somebody had to start doing it. And we probably owe Google a thank you. This just sounds impossible.
Re: (Score:2)
They know where they are. They're in China!
Re: (Score:2)
China has some walls, I have heard.
So the lawsuit isn't like when you sue somebody (Score:2)
This is a multi-billion dollar corporation with congressmen on speed dial. This is basically setting up the Justice Department to go after the botnet directly. Google is just filing the paperwork to legitimize everything.