{"id":29646,"date":"2025-07-23T07:22:06","date_gmt":"2025-07-23T11:22:06","guid":{"rendered":"https:\/\/worldjusticenews.com\/news\/?p=29646"},"modified":"2025-07-23T07:22:06","modified_gmt":"2025-07-23T11:22:06","slug":"google-sues-operators-of-a-botnet-that-compromised-10-million-android-set-top-box-devices","status":"publish","type":"post","link":"https:\/\/worldjusticenews.com\/news\/2025\/07\/23\/google-sues-operators-of-a-botnet-that-compromised-10-million-android-set-top-box-devices\/","title":{"rendered":"Google Sues Operators of a Botnet that compromised 10 million Android Set-Top Box devices"},"content":{"rendered":"<p>A Google lawsuit filed in a New York court has been partly unsealed, revealing details of what is believed to be the largest botnet of its type in history. Consisting of 10 million compromised Android devices, mostly cheap Chinese set-top boxes popular with users of free and pirate streaming services, the Badbox 2.0 botnet turns user devices into nodes in a massive residential proxy network. Google says the botnet is used for ad fraud, malware distribution, and other digital crimes.<\/p>\n<p>In 2023, Google and its cybersecurity partners teamed up with German law enforcement agencies after\u00a0<a href=\"https:\/\/www.humansecurity.com\/company\/satori-threat-intelligence\/badbox\/\" target=\"_blank\" rel=\"noopener\">discovering BadBox<\/a>, a botnet composed of 74,000 Android devices infected with malware.<\/p>\n<p>After a range of measures was deployed to suppress BadBox, a much larger threat quickly arrived.<\/p>\n<h2>BadBox 2.0<\/h2>\n<p>BadBox 2.0 was discovered by HUMAN\u2019s Satori Threat Intelligence and Research team. 
Their\u00a0<a href=\"https:\/\/www.humansecurity.com\/company\/satori-threat-intelligence\/badbox-2-0\/\" target=\"_blank\" rel=\"noopener\">initial report<\/a>\u00a0published in March revealed how infected devices were able to request and click on ads without the user being aware, committing ad fraud and laundering.<\/p>\n<p>As part of a botnet able to act as a residential proxy network, devices were also being used for account takeovers, DDoS attacks, and spreading malware. Since infected devices are also capable of executing new code delivered over the internet, without any user interaction, the potential for harm was unusually high.<\/p>\n<p>&nbsp;<\/p>\n<p><center><em>One million infected devices\u2026<\/em><picture class=\"aligncenter size-full wp-image-269955\"><source srcset=\"https:\/\/torrentfreak.com\/images\/human-badbox2.png.webp 845w, https:\/\/torrentfreak.com\/images\/human-badbox2-300x175.png.webp 300w\" type=\"image\/webp\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" \/><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/torrentfreak.com\/images\/human-badbox2.png\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" srcset=\"https:\/\/torrentfreak.com\/images\/human-badbox2.png 845w, https:\/\/torrentfreak.com\/images\/human-badbox2-300x175.png 300w, https:\/\/torrentfreak.com\/images\/human-badbox2-600x351.png 600w, https:\/\/torrentfreak.com\/images\/human-badbox2-150x88.png 150w, https:\/\/torrentfreak.com\/images\/human-badbox2-220x130.png 220w\" alt=\"human-badbox2\" width=\"670\" height=\"392\" \/><\/picture><\/center>&nbsp;<\/p>\n<p>At the time the impact of BadBox 2.0 was described as global, with more than one million devices infected in 222 countries and territories. 
To prevent the spread, users were advised to only download apps from official marketplaces such as Google Play while avoiding off-brand devices.<\/p>\n<p>A list of device model numbers made available since reveals that cheap set-top boxes manufactured in China appear to account for the majority of infected devices. However, laptop and desktop computers, smartphones, tablets, in-car entertainment devices and digital projectors have all been compromised too.<\/p>\n<p>&nbsp;<\/p>\n<p><center><picture class=\"aligncenter size-full wp-image-269946\"><source srcset=\"https:\/\/torrentfreak.com\/images\/badboxes-select-fs.png.webp 925w, https:\/\/torrentfreak.com\/images\/badboxes-select-fs-300x202.png.webp 300w\" type=\"image\/webp\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" \/><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/torrentfreak.com\/images\/badboxes-select-fs.png\" sizes=\"auto, (max-width: 670px) 100vw, 670px\" srcset=\"https:\/\/torrentfreak.com\/images\/badboxes-select-fs.png 925w, https:\/\/torrentfreak.com\/images\/badboxes-select-fs-300x202.png 300w, https:\/\/torrentfreak.com\/images\/badboxes-select-fs-600x403.png 600w, https:\/\/torrentfreak.com\/images\/badboxes-select-fs-150x101.png 150w\" alt=\"badboxes\" width=\"670\" height=\"451\" \/><\/picture><\/center>&nbsp;<\/p>\n<p>In an\u00a0<a href=\"https:\/\/blog.google\/technology\/safety-security\/google-taking-legal-action-against-the-badbox-20-botnet\/\" target=\"_blank\" rel=\"noopener\">announcement<\/a> Google revealed that in partnership with HUMAN Security and Trend Micro, its researchers are now battling a botnet comprised of 10 million uncertified and infected devices, running Android\u2019s open-source software (Android Open Source Project), \u201cwhich lacks Google\u2019s security protections.\u201d<\/p>\n<h2>Lawsuit Filed in New York<\/h2>\n<p>Google\u2019s actions include a lawsuit filed at a federal court in New York which began in May but with most documents sealed until 
recently. In addition to a temporary restraining order issued on May 30, on July 1 Google was awarded a preliminary injunction to mitigate the ongoing spread of malware, infection of new devices, and other \u201ccriminal schemes\u201d.<\/p>\n<p>The identities of the defendants \u2013 Does 1-25 \u2013 are reportedly unknown, but with some confidence Google\u2019s recently unsealed complaint places the blame firmly on bad actors in China, who it believes would not comply with a judgment for money damages.<\/p>\n<p>\u2022\u00a0<em><strong>The Infrastructure Group:<\/strong>\u00a0Established and manages the \u201ccommand-and-control\u201d C2 infrastructure (C2 Servers and domains) for BadBox 2.0.<\/em><br \/>\n\u2022\u00a0<em><strong>The Backdoor Malware Group:<\/strong>\u00a0Developed and preinstalls malware on the infected devices and uses that malware to operate a botnet composed of a subset of BadBox 2.0-infected devices to carry out a variety of ad fraud campaigns.<\/em><br \/>\n\u2022\u00a0<em><strong>The Evil Twin Group<\/strong>: Develops apps that the BadBox 2.0 Enterprise uses to commit ad fraud via hidden ads.<\/em><br \/>\n\u2022\u00a0<em><strong>The Ad Games Group:<\/strong>\u00a0Connected to an ad fraud campaign conducted through BadBox 2.0-infected devices that uses fraudulent \u201cgames\u201d to generate ads in hidden web browsers.<\/em><\/p>\n<h2>Google Obtains Permission to Take Significant Action<\/h2>\n<p>Specific details are currently withheld, but it appears that Google has been granted broad permission, based on claims under the Computer Fraud and Abuse Act (CFAA) and the Corrupt Organizations Act (RICO), to block (and require other entities to block) traffic to and\/or from IP addresses and certain domains.<\/p>\n<p>Other reasonable measures, including seizing control of domain names through registrars and registries, are also at Google\u2019s disposal to limit the botnet\u2019s ability to operate.<\/p>\n<p>&nbsp;<\/p>\n<p><center><em>Blocking 
Measures on Steroids<\/em><picture class=\"aligncenter size-full wp-image-269963\"><source srcset=\"https:\/\/torrentfreak.com\/images\/blocking-measures.png.webp 646w, https:\/\/torrentfreak.com\/images\/blocking-measures-300x340.png.webp 300w\" type=\"image\/webp\" sizes=\"auto, (max-width: 646px) 100vw, 646px\" \/><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/torrentfreak.com\/images\/blocking-measures.png\" sizes=\"auto, (max-width: 646px) 100vw, 646px\" srcset=\"https:\/\/torrentfreak.com\/images\/blocking-measures.png 646w, https:\/\/torrentfreak.com\/images\/blocking-measures-300x340.png 300w, https:\/\/torrentfreak.com\/images\/blocking-measures-600x680.png 600w, https:\/\/torrentfreak.com\/images\/blocking-measures-132x150.png 132w\" alt=\"blocking measures\" width=\"646\" height=\"732\" \/><\/picture><\/center>&nbsp;<\/p>\n<p><a href=\"https:\/\/www.ic3.gov\/PSA\/2025\/PSA250605#fn2\" target=\"_blank\" rel=\"noopener\">The FBI\u2019s advice<\/a>\u00a0is for users to \u201cavoid downloading apps from unofficial marketplaces advertising free streaming content\u201d and \u201cassess all IoT devices connected to home networks for suspicious activity.\u201d<\/p>\n<p>While avoiding unofficial marketplaces is straightforward, those looking for the latest movies and TV shows are unlikely to find suitable apps offering that content for free anywhere else. Monitoring home networks is likely to prove prohibitively difficult too.<\/p>\n<p>There may be a very good argument for physically destroying these devices. The complaint states that the entire supply chain is compromised. 
\u201cThey are devices\u00a0<em>manufactured<\/em>\u00a0by the BadBox 2.0 Enterprise,\u201d it reads.<\/p>\n<p>But even if malware isn\u2019t preinstalled, it can be installed remotely when devices are switched on by the user or when users download apps designed to look attractive but carry a similarly malicious payload.<\/p>\n<p><em>The preliminary injunction obtained by Google is available\u00a0<a href=\"https:\/\/torrentfreak.com\/images\/1-25-cv-04503-JPO-Google-v-Does-1-25-Badbox-2-Prelim-Injunc-250701.pdf\" target=\"_blank\" rel=\"noopener\">here<\/a>\u00a0(pdf)<\/em><\/p>\n<p>Source: \u00a0<a href=\"http:\/\/worldjusticenews.com\/news\/wp-content\/uploads\/2016\/11\/torrentfreak.png\"><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/worldjusticenews.com\/news\/wp-content\/uploads\/2016\/11\/torrentfreak.png\" alt=\"TorrentFreak\" width=\"38\" height=\"38\" \/><\/a> <a href=\"https:\/\/torrentfreak.com\/google-sues-operators-of-a-10-million-device-android-set-top-box-botnet-250721\/\" target=\"_blank\" rel=\"noopener\">TorrentFreak.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<div class=\"mh-excerpt\">A Google lawsuit filed in a New York court has been partly unsealed, revealing details of what is believed to be the largest botnet of its type in history. 
Consisting of 10 million compromised Android <a class=\"mh-excerpt-more\" href=\"https:\/\/worldjusticenews.com\/news\/2025\/07\/23\/google-sues-operators-of-a-botnet-that-compromised-10-million-android-set-top-box-devices\/\" title=\"Google Sues Operators of a Botnet that compromised 10 million Android Set-Top Box devices\">[&#8230;]<\/a><\/div>\n","protected":false},"author":1,"featured_media":29647,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"pmpro_default_level":"","footnotes":""},"categories":[109,2,3],"tags":[2938,11488,4536,11489,1673,8239,11490,7120,1011,11487,1172,305,2132,9402,9662,11491],"class_list":{"0":"post-29646","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-headline","8":"category-news","9":"category-usa","10":"tag-android","11":"tag-badbox","12":"tag-botnet","13":"tag-cfaa","14":"tag-china","15":"tag-computer-fraud-and-abuse-act","16":"tag-corrupt-organizations-act","17":"tag-cyber-security","18":"tag-ddos","19":"tag-digital-crime","20":"tag-fbi","21":"tag-fraud","22":"tag-malware","23":"tag-new-york-federal-court","24":"tag-rico","25":"tag-us-district-court-for-the-southern-district-of-new-york","26":"pmpro-has-access"},"_links":{"self":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/29646","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/comments?post=29646"}],"version-history":[{"count":1,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/posts\/29646\/revisions"}],"predecessor-version":[{"id":29648,"href":"https:\/\/worldjusticenews.com\/ne
ws\/wp-json\/wp\/v2\/posts\/29646\/revisions\/29648"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media\/29647"}],"wp:attachment":[{"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/media?parent=29646"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/categories?post=29646"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/worldjusticenews.com\/news\/wp-json\/wp\/v2\/tags?post=29646"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}