The FBI has issued a warning that BADBOX 2.0 malware is surging through residential consumer electronics, infecting millions of internet-connected devices. The malware, often preloaded onto inexpensive streaming hardware and IoT devices, can steal your data and provide backdoor access to the device—and is extremely difficult to remove.

The BADBOX 2.0 Botnet Is Back

BADBOX 2.0 is the evolution of the original BADBOX malware, which was first identified in 2023. That campaign was partially disrupted when Germany’s Federal Office for Information Security (BSI) sinkholed its command-and-control domains, redirecting traffic from infected devices to servers the agency controlled instead of the operators’. The sinkhole cut off the devices it covered, but it did not remove the malware from them or dismantle the operation behind it.

Now, BADBOX 2.0 has built a massive botnet comprising more than one million devices, including smart TVs, IoT devices, streaming boxes, projectors, tablets, and more.

[Figure: BADBOX 2.0 malware distribution]

The FBI’s BADBOX 2.0 public service announcement states that most of the devices were already infected before they reached the buyer, either at the factory or somewhere in the supply chain, and that most of them were manufactured in China.

Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the user’s purchase, or by infecting the device as it downloads required applications that contain backdoors, usually during the set-up process.

[Figure: BADBOX 2.0 malware infection process]

Once an infected device is connected to your network, it “phones home” to the operators’ command-and-control (C2) infrastructure, which can then activate the BADBOX 2.0 payload. From that point the device is part of the BADBOX 2.0 botnet, and there may be little or no visible sign of it: the box keeps streaming, the projector keeps projecting, and the malicious activity runs in the background.

However, it’s not just preinfected devices that carry BADBOX 2.0. Where the original BADBOX relied almost entirely on preinstallation, BADBOX 2.0 has also been spotted using drive-by downloads to infect other devices, and the malware has been bundled into apps offered on third-party Android marketplaces. This is why sideloading Android apps from unofficial stores is such a danger.

What Does BADBOX 2.0 Do?

According to Human Security, the security research team that first revealed BADBOX 2.0, the evolved malware supports a range of quiet, money-making abuses: turning infected devices into residential proxy exit nodes that route other people’s traffic through your home IP address, running hidden ad- and click-fraud campaigns, and keeping a backdoor open so the operators can load further modules onto the device later.

What makes BADBOX 2.0 so concerning is that all of this activity takes place without alerting you. It’s not a type of malware that makes a song and dance about its presence; it wants to remain silent for as long as possible to maximize its chance of exploiting your device and data.

How to Check for BADBOX 2.0 Malware

First up, if you haven’t bought an inexpensive, off-brand streaming box or similar internet-connected gadget, typically Chinese-made and not Play Protect certified, your risk is lower, though not zero given the drive-by and sideloading routes described above. Either way, check whether you own any of the models in Human Security’s table. Note that these are the model strings the device firmware reports, which are not always the name printed on the box:

Device Model
X96Q_Max_P
ums512_1h10_Natv
X96mini_RP
X96mini_Plus1
LongTV_GN7501E
NETBOX_B68
X96MATE_PLUS
Projector_T6P
X96QPRO-TM
sp7731e_1h10_native
X96Mini_5G
Orbsmart_TR43
Fujicom-SmartTV
X96Max_Plus2

Next up, review every internet-connected device on your network, whatever its origin. Look for app marketplaces or apps you didn’t install, settings you didn’t change, and any other modifications you don’t remember making. On an Android-based box, also open the Play Store settings and confirm the device is shown as Play Protect certified: the infected models Human Security and Google identified were uncertified devices running an unofficial Android build.
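The two checks above (is this model on the list, and what was installed outside the Play Store) can be scripted against an Android box over adb. The following is an added example written for this article, not code from the FBI, Human Security or any vendor; the function names are my own, it assumes `adb` is installed and USB debugging is enabled on the device, and the package-list sample embedded in it is constructed for illustration. The model list is the one from Human Security’s table above.

```shell
#!/bin/sh
# Added example (not from the FBI PSA or Human Security): two offline checks
# for an Android-based streaming box, plus a wrapper that runs them over adb.
#   1. does a build identifier match a model in Human Security's table?
#   2. which third-party apps were NOT installed through the Play Store?

# Model strings from Human Security's table, as reported by the firmware.
BADBOX_MODELS="X96Q_Max_P ums512_1h10_Natv X96mini_RP X96mini_Plus1 \
LongTV_GN7501E NETBOX_B68 X96MATE_PLUS Projector_T6P X96QPRO-TM \
sp7731e_1h10_native X96Mini_5G Orbsmart_TR43 Fujicom-SmartTV X96Max_Plus2"

lower() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]'; }

# is_badbox_model STRING -> exit 0 if STRING is on the list, else 1.
# Case-insensitive, because the table itself mixes "X96mini" and "X96Mini".
is_badbox_model() {
    needle=$(lower "$1")
    for m in $BADBOX_MODELS; do
        if [ "$(lower "$m")" = "$needle" ]; then
            return 0
        fi
    done
    return 1
}

# flag_sideloaded TEXT -> prints "<package> <installer>" for every line of
# TEXT (the output of `pm list packages -3 -i`) whose installer is not the
# Play Store (com.android.vending). An installer of "null" means the app
# was sideloaded or dropped onto the device outside any store.
flag_sideloaded() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        case "$line" in
            package:*) ;;
            *) continue ;;
        esac
        pkg=${line#package:}
        pkg=${pkg%%[[:space:]]*}
        inst=${line##*installer=}
        if [ "$inst" = "$line" ]; then
            inst=unknown            # no installer field at all
        fi
        inst=${inst%%[[:space:]]*}
        if [ "$inst" != "com.android.vending" ]; then
            printf '%s %s\n' "$pkg" "$inst"
        fi
    done
}

# Constructed sample of `adb shell pm list packages -3 -i` output
# (illustration only, not captured from a real device).
SAMPLE_PM_OUTPUT='package:com.example.weather  installer=com.android.vending
package:com.example.iptv  installer=null
package:com.otherstore.client  installer=com.otherstore.client'

# check_device: run both checks against the device attached over adb.
check_device() {
    if ! command -v adb >/dev/null 2>&1; then
        echo "adb not found; install Android platform-tools" >&2
        return 2
    fi
    for prop in ro.product.model ro.product.device ro.build.product; do
        val=$(adb shell getprop "$prop" | tr -d '\r')
        if is_badbox_model "$val"; then
            echo "WARNING: $prop=$val is on the BADBOX 2.0 model list"
        fi
    done
    echo "Third-party apps not installed from the Play Store:"
    flag_sideloaded "$(adb shell pm list packages -3 -i | tr -d '\r')"
}

# Only touch a real device when asked, so the functions can be sourced or
# exercised on sample input without anything plugged in.
if [ "${1:-}" = "--live" ]; then
    check_device
fi
```

Run it as `sh badbox-check.sh --live` with the box attached over USB. A hit on the model list, or an installer of `null` for an app you never sideloaded, is reason to treat the device as compromised. An empty result is not a clean bill of health: the list only covers models Human Security observed, and a device infected through a drive-by download will not appear on it.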

Unfortunately, removing BADBOX 2.0 from most devices is difficult because it ships inside the device firmware: a factory reset only wipes user data and boots you back into the same infected system image, so the real fix is flashing a clean firmware image from the manufacturer. For many cheap streaming boxes and IoT devices no such image exists, which means the practical answer is to disconnect the device from your network, cut your losses, and replace it to protect the rest of your network and your data.