Google sues alleged hackers behind BadBox 2.0 botnet which has infected millions of devices
25 unnamed individuals allegedly operated a 10 million-strong botnet

- Google files a major lawsuit in a US federal district court
- The complaint claims BadBox 2.0 has cost Google money and damaged its reputation
- 25 unnamed Chinese individuals are accused of running the scheme
Google has sued 25 unidentified Chinese citizens for building and operating the notorious BadBox 2.0 botnet.
The complaint, filed in the United States District Court for the Southern District of New York, says the defendants created and operated a botnet that has infected more than 10 million internet-connected devices worldwide. The devices include TV streaming boxes, tablets, projectors, and car infotainment systems, most of them running AOSP (Android Open Source Project) builds that are not Play Protect certified. Such uncertified builds do not ship Google Play services, so Google Play Protect never runs on them and cannot flag or remove the malware.
The malware either came preinstalled on the devices (a supply-chain compromise before they reached the buyer) or was installed later through deceptive apps. Once infected, a device connects to a command-and-control (C2) server that gives the operators remote control over it.
Residential proxy and ad fraud
The 25 defendants allegedly used the botnet to sell residential proxy access and to commit ad fraud and click fraud. Google says they sold access to infected devices as residential proxies, which masks the identity and true location of the buyers and lets them carry out crimes of their own, including account takeovers, credential theft, and DDoS attacks.
The defendants also used the devices to generate fake ad impressions and clicks, launch hidden browsers that interact with ad-heavy sites, and deploy "evil twin" apps that mimic legitimate apps, deceiving both users and ad platforms.
The ad fraud is the part that most concerns Google. The company says it is forced to pay out for fraudulent ad traffic and to spend resources investigating and mitigating the botnet. It also argues that the botnet undermines trust in Google's advertising platform, damaging its reputation and, in turn, its future revenue.
Unfortunately, the chances of China identifying and extraditing these individuals are slim. The country rarely cooperates with the US on cybercrime matters, as the two are seen as adversaries that frequently trade blows in cyberspace.
Via The Register
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.