BleepingComputer reports that, according to the FBI, the BADBOX 2.0 malware campaign has compromised more than 1 million internet-exposed home devices, most of which are manufactured in China.
Malicious software downloaded by the vulnerable devices during the setup process facilitates infection with BADBOX 2.0, which then executes commands enabling residential proxy networks, credential stuffing intrusions, and ad fraud, according to the FBI alert. The FBI urged home IoT device users to mitigate the threat of the botnet by evaluating network activity, downloading apps only from official stores, and regularly updating their devices. Potential compromise, which could be evident in deactivated Google Play Protect settings and atypical internet traffic, should prompt immediate device isolation and restricted internet access, the FBI said. The advisory comes months after HUMAN's Satori Threat Intelligence team disclosed the partial disruption of the BADBOX 2.0 botnet as part of an operation conducted alongside Google, Trend Micro, and the Shadowserver Foundation.