
Image by Kahunapule Michael Johnson, from Flickr
BadBox Malware Turns Cheap Android Devices Into Cybercrime Tools
The FBI issued a warning that millions of low-cost Android devices could transform domestic networks into criminal platforms.
In a rush? Here are the quick facts:
- BadBox malware infects millions of cheap Android devices globally.
- Devices come preloaded with malware straight from the manufacturer.
- Malware enables fraud, fake accounts, and proxy network abuse.
The devices, used for streaming, in-car entertainment, and video projection, contain a malware strain named BadBox, which, according to Ars Technica, has existed in multiple forms for nearly a decade.
The powerful Trojan called Triada serves as the base for BadBox to bypass Android’s built-in security features. The cybersecurity firm Kaspersky first discovered Triada as one of the most sophisticated mobile Trojans in 2016.
Ars Technica notes that Google implemented a software update to block the malware, but it returned in 2019 as manufacturers pre-installed it on devices prior to consumer sale. Google confirmed the supply chain attack and explained the measures it took to stop additional infections.
Security company Human Security discovered in 2023 that thousands of Android devices received pre-installed Triada-based backdoor software. Ars Technica explains that the backdoor allowed cybercriminals to execute fraudulent operations and hide illegal activities through home networks, while simultaneously generating artificial Gmail and WhatsApp accounts.
Ars Technica reports that Google, together with other tech organizations, launched a joint operation to stop the BadBox 2.0 campaign. It was reported that this campaign infected more than one million Android devices during the first half of this year.
The devices didn’t have Google Play Protect certification, and ran on Android’s open-source version, instead of Android TV. Human Security researchers identified more than twelve TV models that suffered from this issue, as reported by Ars Technica.
Despite these efforts, the FBI says the threat continues. “The public is urged to evaluate IoT devices in their home for any indications of compromise and consider disconnecting suspicious devices from their networks,” the agency said.
The FBI advises users to look for suspicious behavior, such as automatic connections to untrustworthy app stores and alerts to disable Play Protect. The safest move? Users should stay away from extremely inexpensive Android devices, especially when they come from unknown manufacturers.