FBI confirms BADBOX 2.0 botnet infected 1M+ devices across 222 countries. Learn infection signs, 74 compromised models, and critical mitigation steps.

Continue reading
The FBI confirms over 1 million consumer devices have been weaponised in the BADBOX 2.0 botnet – a sophisticated malware operation exploiting Chinese-manufactured smart devices to create criminal proxy networks.
Top 5 Infected Nations:
Devices manufactured with hidden backdoors in Chinese factories – undetectable to consumers.
Fake "system updates" inject persistent malware surviving factory resets.
Unofficial marketplaces (e.g., "free streaming" apps) bypass Google Play Protect.
| High-Risk Categories | Example Models |
|---|---|
| Android TV Boxes | X96Q, X96Max_Plus2, TX3mini |
| Smart Projectors | Projector_T6P, LongTV_GN7501E |
| Uncertified Tablets | KM9PRO, KM6, Q96MAX |
| Streaming Sticks | Q9 Stick, M8SPROW |
| Budget Smart TVs | Fujicom-SmartTV, TV008 |
Cybercriminals sell access to victims’ home IPs ($0.50-$5/day per IP) to mask:
Hidden processes generate $3M+/month by:
Botnet bypasses geo-blocks and rate limits using residential IPs to test:
(Numbered list for featured snippet targeting)
Check all IoT devices against the infected model list. Disconnect uncertified Android devices immediately.
Never disable Google Play Protect. Avoid "free streaming" apps like Mobdro or Cinema HD.
Look for suspicious outbound connections to:
Prioritize updates for:
> Expert Tip: Segment IoT devices on guest networks to limit breach impact.

A single ClickFix infrastructure is pushing StealC, Amatera, Remus, NetSupport, CastleLoader and a new loader called ResiLoader through fake Google/Cloudflare checks.