BadBox 2.0 malware largely disrupted after infecting over 500,000 Android devices


Cybersecurity experts have disrupted BadBox 2.0, a malware infecting over 500,000 Android devices. Google removed 24 malicious apps and sinkholed several critical domains, effectively disrupting communication between infected devices and their command-and-control (C2) servers.



BadBox 2.0, a successor to the original BadBox malware, was primarily targeting low-cost and uncertified Android devices. These compromised devices were used as residential proxies, enabling cybercriminals to conduct ad fraud, credential stuffing, and other malicious activities. While the exact method of infection remains unclear, researchers suspect it may have happened during early production or at some point in the supply chain.


The infected devices were identified as Android Open Source Project (AOSP) devices, which lack Google’s Play Protect certification. Mainly manufactured in China and distributed globally, these devices were particularly vulnerable to large-scale cyber threats.


The ODFC provides assistance for cybersecurity-related issues, including digital forensics. We have been sharing posts related to malware analysis (e.g., LuaDream and DogeRAT) and its impact, showcasing expertise in identifying threats and managing digital evidence.


- Email: cybersecurity@odfc.co.in
- WhatsApp: +91 8779696580
- Website: 0DFC.com

