Skip to main content Tech Radar Pro Tech Radar Gaming Tech Radar Pro TechRadar the business technology experts Search TechRadar View Profile België (Nederlands) Deutschland North America US (English) Australasia New Zealand Expert Insights Website builders Web hosting Best website builder Best web hosting Best office chairs Best antivirus Expert Insights Recommended reading FBI warns outdated routers are being hacked and hijacked for criminal purposes Dodgy Android smartphones are being preloaded with Triada malware These malicious Android apps were installed over 60 million times - here's how to stay safe TVT DVRs become prime target for Mirai botnet Millions of users could fall for fake Facebook ad for a text-to-AI-video tool that is just malware Spyware combing for data 'of use to China' hidden inside religious and cultural apps Millions at risk as cybercriminals successfully compromise popular YouTube accounts: here's how to stay safe FBI warns dangerous BADBOX 2.0 malware has hit over a million devices - here's how to stay safe Mike Moore 6 June 2025 Smart TVs, streaming boxes, projectors, tablets, and IoT devices at risk When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Shutterstock / Jaiz Anuar) FBI warns BADBOX 2.0 malware has infected over a million devices Cheap, Chinese-made, Android-powered devices often the victim Devices hijacked to become part of global botnet Over a million devices have been infected by a dangerous malware strain which has turned them into malicious proxies, the FBI has warned. In a new alert, the agency urged users to be on their guard against BADBOX 2.0, a malware threat which targets Android-powered devices, often made in China. The FBI warns devices such as smart TVs, streaming boxes, projectors, tablets, and other Internet of Things (IoT) devices could all be at risk or being turned into residential proxies which are then used for malicious activity. You may like FBI warns outdated routers are being hacked and hijacked for criminal purposes Dodgy Android smartphones are being preloaded with Triada malware These malicious Android apps were installed over 60 million times - here's how to stay safe BADBOX 2.0 malware warning "The BADBOX 2.0 botnet consists of millions of infected devices and maintains numerous backdoors to proxy services that cyber criminal actors exploit by either selling or providing free access to compromised home networks to be used for various criminal activity," the FBI warning states. It noted the affected devices often come with the malware preloaded, but it can also be transferred after installing firmware updates and malicious Android applications which have managed to get onto Google Play and third-party app stores. "Cyber criminals gain unauthorized access to home networks by either configuring the product with malicious software prior to the users purchase or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process," explained the FBI. "Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services4 known to be used for malicious activity." Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. It added the malware is also able to load and click ads without users being aware, generating revenue for the hackers, and also access victim's accounts using stolen credentials. The FBI has warned users to monitor their devices carefully, and make sure all their IoT devices come from a reputable source. Users are also instructed not to download apps from unauthorized app stores, and make sure their software and firmware is kept up to date. The original BADBOX malware was detected in 2023 with a similar mode of operation, targeting cheap unbranded Android TV boxes. The botnet was successfully disrupted by German authorities back in December 2024, but this doesn't seem to have dissuaded the hackers, who have managed to grow the network across the globe, leading to the re-classification as BADBOX 2.0. BADBOX 2.0 was initially flagged in early 2025 by cybersecurity experts from the HUMAN's Satori Threat Intelligence team, which, together with multiple partners, removed dozens of malicious apps from the Play Store, banned their developers, and sinkholed communications for hundreds of thousands of infected devices. You might also like Cheap Android TV boxes shipped with "unkillable" malware - here's what you need to know We've rounded up the best password managers Take a look at our guide to the best authenticator app Social Links Navigation Deputy Editor, TechRadar Pro Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. FBI warns outdated routers are being hacked and hijacked for criminal purposes Dodgy Android smartphones are being preloaded with Triada malware These malicious Android apps were installed over 60 million times - here's how to stay safe TVT DVRs become prime target for Mirai botnet Millions of users could fall for fake Facebook ad for a text-to-AI-video tool that is just malware Spyware combing for data 'of use to China' hidden inside religious and cultural apps Latest in Security Anthropic is building new Claude AI models specifically for US national security designed to handle classified information M&S CEO directly targeted by hackers demanding ransom payout OpenAI says it disrupted at least 10 malicious AI campaigns already this year Fake DocuSign and Gitcode sites are tricking victims into downloading malware - here's what you need to know Cisco warns over worrying security flaws in ISE affecting AWS, Azure cloud deployments - here's what you need to know Microsoft launches free cybersecurity protection for European governments against AI threats and more Latest in News What WWDC 2025 will tell us about future Apple hardware Whoops! A Garmin Index Sleep Monitor video was reportedly just leaked – by Garmin Spotify fans just got another free in-flight upgrade, thanks to this Starlink and United Airlines collab Google claims Chrome is now faster than ever – but I’m still worried that the browser remains a RAM hog Anthropic is building new Claude AI models specifically for US national security designed to handle classified information M&S CEO directly targeted by hackers demanding ransom payout LATEST ARTICLES FBI warns dangerous BADBOX 2.0 malware has hit over a million devices - here's how to stay safe Fujifilm GFX100RF vs Fujifilm X100VI: can an APS-C camera topple a medium-format model? What WWDC 2025 will tell us about future Apple hardware I'm a long-time iPad user, but the brilliant OnePlus Pad 3 has me questioning my loyalties IPVanish teams up with URC to promote cybersecurity outside the rugby pitch TechRadar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Contact Future's experts Terms and conditions Privacy policy Cookies policy Advertise with us Web notifications Accessibility Statement Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...