
Image by ROBIN WORRALL, from Unsplash
More Than 1 Million Android Devices Compromised By Hidden Backdoor
- Written by Kiara Fabbri, Former Tech News Writer
- Fact-Checked by Sarah Frazier, Former Content Manager
A team of cybersecurity researchers has uncovered and partially disrupted a large-scale fraud operation called BADBOX 2.0, which involved a botnet of over one million infected Android-based devices.
In a Rush? Here are the Quick Facts!
- Researchers uncovered BADBOX 2.0, a botnet of over one million infected Android devices.
- The botnet used pre-installed backdoors in uncertified Android devices for cybercrime.
- Infected devices enabled ad fraud, account takeovers, DDoS attacks, and malware distribution.
The operation, an evolution of the original BADBOX campaign exposed in 2023, relied on backdoors pre-installed on low-cost, uncertified consumer devices to facilitate cybercriminal activities.
The investigation, led by HUMAN’s Satori Threat Intelligence and Research team in collaboration with Google, Trend Micro, Shadowserver, and other partners, revealed strong evidence linking the perpetrators behind BADBOX to the expansion of the BADBOX 2.0 scheme.
This scheme builds on the original BADBOX operation revealed in 2023 and represents the most extensive botnet of infected connected TV (CTV) devices ever identified, compromising over one million uncertified, low-cost Android devices worldwide.
BADBOX 2.0 exploits backdoors in consumer electronics such as off-brand tablets, CTV boxes, and digital projectors to deploy fraud modules remotely. These devices connect to command-and-control (C2) servers run by multiple cybercriminal groups.
The infection spreads through compromised supply chains, pre-installed malware, or third-party app downloads, enabling attackers to take control of unsuspecting users’ devices.
Once infected, these devices become part of a vast botnet used for fraudulent activities. Attackers use them for ad fraud by running hidden ads and simulating engagement, click fraud by directing traffic to fake domains, and automated browsing to inflate website traffic.
The botnet also enables cybercriminals to sell access to infected devices’ IP addresses for residential proxy services, facilitating account takeovers, fake account creation, and bypassing authentication systems.
Additionally, compromised devices are used in DDoS attacks, malware distribution, and one-time password (OTP) theft, allowing attackers to hijack user accounts.
The malware powering BADBOX 2.0 manipulates user behavior and engagement metrics through hidden ads and automated browsing, generating fraudulent ad revenue and distorting the digital advertising ecosystem.
HUMAN researchers identified four main cybercriminal groups involved in the operation. SalesTracker Group managed the BADBOX infrastructure and its expansion, while MoYu Group developed the backdoor, operated the botnet, and ran a click fraud campaign.
Lemon Group was linked to residential proxy services and fraudulent online gaming websites, and LongTV developed malicious CTV applications to facilitate hidden ad fraud.
To reduce exposure, users are advised to check whether their devices are Google Play Protect certified and avoid uncertified Android devices.

Photo by Hoseung Han on Unsplash
Waymo and Uber Launch Autonomous Ride-Hailing Service in Austin
- Written by Andrea Miliani, Former Tech News Expert
- Fact-Checked by Sarah Frazier, Former Content Manager
Waymo began offering robotaxi rides through Uber yesterday in Austin, Texas. Users in the area can experience the new technology at no extra cost.
In a Rush? Here are the Quick Facts!
- Waymo and Uber launched robotaxi rides in Austin, allowing users to experience autonomous vehicles at no extra cost.
- Riders booking UberX, Uber Comfort Electric, or Uber Green may be randomly matched with a Waymo self-driving car.
- Users can adjust their Uber app settings to increase the chance of riding a Waymo robotaxi.
According to the official announcement shared by Uber, riders who request certain services—UberX, Uber Comfort Electric, or Uber Green—may be randomly assigned to Waymo’s Jaguar I-PACE, a fully autonomous vehicle (AV). Those matched with a robotaxi will be notified and can choose to accept or decline the ride.
“We’re excited to introduce our customers to a future of transportation that is increasingly electric and autonomous,” states Uber’s announcement. “In Austin, Waymo rides will only be available on the Uber app.”
The ride-sharing company explained more details on what to expect from the experience. “Once the Waymo arrives, riders can unlock the vehicle, open the trunk, and start the trip – all from their familiar Uber app,” states the document. Users will get access to customer support 24/7 through the vehicle and the app.
Those eager to try the autonomous vehicle experience can adjust their Ride Preference through their Uber app settings and select “autonomous vehicles” to increase their chance of getting a Waymo robotaxi.
The service area runs from Hyde Park to Montopolis to Downtown. The companies expect to expand the area in Austin soon and offer the service in Atlanta as well.
Waymo and Uber announced the partnership to provide AV services in Austin and Atlanta in September last year. The robotaxi company also signed a contract with Hyundai in October and announced a new expansion plan in Japan in December.
However, Waymo has also faced challenges, and the public seems to have mixed feelings about the technology. A few months ago, one of Waymo’s robotaxis collided with a sidewalk delivery robot from Serve Robotics, raising concerns for pedestrians and users’ safety.