- Shortcuts is the best Apple app you're not using - and iOS 26 makes it even more powerful
- Every Apple Watch that will get WatchOS 26 (and which models won't be supported)
- How to enable data scientists without running up costs
- Samsung is giving away Freestyle projectors with this TV purchase - here's how to qualify
- The best iOS 26 features that will make updating your iPhone worthwhile
FBI Warns Smart Home Users of Badbox 2.0 Botnet Threat
The FBI has urged smart home users to look out for indicators of compromise (IoCs) in their connected devices after releasing a security alert about the Badbox 2.0 botnet.
In a Public Service Announcement (PSA), the law enforcement agency claimed that threat actors either install malware to the devices prior to purchase, or via “required applications” containing backdoors that must be downloaded during setup.
It said that affected devices, made mainly in China, include TV streaming devices, digital projectors, aftermarket vehicle infotainment systems, digital picture frames and other products.
“Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the Badbox 2.0 botnet and residential proxy services known to be used for malicious activity,” the PSA added.
Read more on Badbox: Malware-Infected Devices Sold Through Major Retailers.
Badbox 2.0 is the second iteration of popular botnet malware that began circulating following disruption to the original Badbox campaign in 2024. Like its predecessor, it focuses on Android-based products.
“The Badbox 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cybercriminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity,” the FBI claimed.
Users should be on the lookout for devices that require Google Play Protect settings to be disabled, and “generic TV streaming devices” advertised as unlocked or capable of accessing free content, the PSA warned.
They should also steer clear of unofficial app marketplaces and unrecognizable brands, and take action if they spot unexplained or suspicious internet traffic, it added.
The FBI said that, in order to minimize exposure to cyber risk, home internet users should:
- Monitor the internet traffic of their home networks
- Assess all IoT devices connected to home networks for suspicious activity
- Avoid downloading apps from unofficial marketplaces advertising free streaming content
- Keep all operating systems, software, and firmware up to date, and prioritize patching firewall vulnerabilities and known exploited vulnerabilities in internet-facing systems
Human Security detected 74,000 Android-based mobile phones, tablets, and connected TV boxes showing signs of infection, in the original Badbox campaign back in October 2023.
