30,000 Devices Infected with BadBox Malware in Germany
Germany’s Federal Office for Information Security (BSI) has taken control of internet traffic originating in the country and destined for the command-and-control (C2) servers operated by the BADBOX group, redirecting it to its own servers (a sinkhole). This decisive action by the authorities has disrupted the malicious activity carried out through the group’s malware.
According to BSI, approximately 30,000 devices in Germany were infected with the BadBox malware. These devices, running outdated Android versions, were shipped with pre-installed malicious software. All German internet service providers with over 100,000 subscribers are now required to reroute traffic associated with BADBOX to the agency’s servers.
First identified in October 2023, BADBOX has since built a botnet comprising over 280,000 devices. The malware proliferated through compromised Android and iOS applications and malicious firmware embedded in Android TV set-top boxes.
Experts indicate that BADBOX operates out of China and likely has access to hardware supply chains, enabling the integration of malware directly into device firmware. The botnet’s primary purpose is the covert installation of applications that later bombard device owners with intrusive advertisements.
BadBox operates with remarkable stealth: it can generate fake accounts for disseminating disinformation via messaging platforms and email, redirect traffic to fraudulent websites, and lease the user’s internet connection to third parties. This allows cybercriminals to exploit the device’s IP address for cyberattacks and the distribution of illegal content. Furthermore, BadBox is capable of downloading additional malicious payloads.
Internet service providers serving users of infected devices are issuing warnings about the threat. However, because nearly identical device models are mass-produced and sold under many different brand names, compiling a definitive list of affected devices is difficult. The agency advises all device owners to inspect their connected devices and to disconnect them from the internet if necessary.
Consumers purchasing new devices are urged to prioritize security features, including manufacturer support, an up-to-date operating system, and the brand’s overall reputation.