Google Warns 10 Million Android Users of BadBox Malware Infection

A widespread malware threat known as BadBox 2.0 has infected over 10 million uncertified Android devices, including TV set-top boxes, tablets, and digital projectors, mostly cheap gadgets made in China. This malware, pre-installed or installed during device setup, enables cyber criminals to conduct large-scale ad fraud, ransomware attacks, and other digital crimes by exploiting vulnerabilities in devices running Android Open Source Project without Google's security protections. Google has filed a lawsuit in New York federal court to dismantle the criminal operation behind BadBox, while the FBI has issued alerts urging consumers to evaluate and disconnect suspicious IoT devices from their home networks. Known infected devices include Android TV boxes with model numbers X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9, though the full scope of affected devices is unclear. Google emphasizes that this botnet is the largest known of internet-connected TV devices and warns it could escalate to more dangerous cybercrimes such as ransomware or DDoS attacks. Consumers are strongly advised to turn off affected devices immediately and verify whether their devices are Google Play Protect-certified to avoid infection.