FBI: Millions of Cheap IoT Devices Infected by BadBox 2.0 Malware

The FBI has issued a formal warning about a major malware operation known as BadBox 2.0, which is actively compromising millions of off-brand and low-cost Internet of Things (IoT) devices across the globe. These include Android-powered streaming TV boxes, digital projectors, smart photo frames, and vehicle infotainment systems, many of which are purchased online from little-known manufacturers.

According to the alert, the malware is often pre-installed at the factory level, particularly in overseas production facilities, before the devices are even shipped to consumers. In other cases, the infection occurs during the initial device setup. Users are tricked into downloading seemingly legitimate applications from unofficial sources, or they are guided to turn off essential security protections such as Google Play Protect in order to complete installation steps.

Once infected, the devices become part of a massive botnet infrastructure. Specifically, BadBox 2.0 turns compromised devices into residential proxy nodes, meaning their internet connections can be covertly used by criminals to relay malicious traffic. This allows cybercriminals to obscure their real identities and conduct illegal activities—like click fraud, ad fraud, data scraping, credential stuffing, and accessing geo-restricted content—while appearing to operate from legitimate home networks.