Google is taking the hackers to court over a major Android fraud ring
Google sues alleged architects of BadBox 2.0, which hijacked millions of Android streaming devices.

What you need to know
- Google is suing hackers in China for hijacking over 10 million devices and building the sneaky BadBox 2.0 botnet.
- BadBox 2.0 was found on cheap Android streamers, tablets, and projectors—either preloaded with malware or infected during setup via sketchy apps.
- Google’s Play Protect now auto-blocks anything linked to BadBox 2.0, shutting the door on this botnet’s favorite tricks.
Google is going after unnamed individuals in China, claiming they hijacked over 10 million devices worldwide to build the BadBox 2.0 botnet, which was then used to run shady cyber schemes.
After reports from Human Security and Trend Micro exposed the BadBox 2.0 botnet, Google has confirmed it's taking the culprits to court (via BleepingComputer). Filed in a New York federal court this week, Google’s lawsuit claims BadBox 2.0 infected uncertified devices—like budget streaming boxes, tablets, and projectors—by either slipping in malware before they shipped or sneaking it in through shady apps on open-source Android systems.
The infected devices were then used to carry out widespread ad fraud and other cybercrimes. On the bright side, Google’s Ad Traffic Quality team has upgraded Play Protect to automatically shut down any apps tied to BadBox 2.0.
Google’s lawsuit points to specific infected devices, including Android TV boxes like the X88 Pro 10, T95, MXQ Pro, and QPLOVE Q9. Human Security has shared a longer list for those curious.
Is your device on the list?
If you’re using one of those flagged devices, it’s a good idea to disconnect it immediately. According to Google, the BadBox malware hides in the background and silently fakes ad clicks without tipping you off.
The FBI has put out a public warning about the scope of this threat, saying hackers are using compromised TV streamers, projectors, car infotainment systems, and even digital photo frames to break into home networks. Most of these infected devices, the agency notes, were made in China.
Hackers are slipping into home networks in two main ways: by loading malware onto devices before they’re even sold, or by sneaking it in during setup through shady apps with hidden backdoors. When these infected IoT devices go online, they can be roped into the BadBox 2.0 botnet or used as residential proxies, both of which are often tied to sketchy online activity.
Get the latest news from Android Central, your trusted companion in the world of Android
Ad fraud seems to be a major issue for Google here. The company says it's stuck footing the bill for fake ad traffic while also pouring time and resources into tracking and shutting down the botnet. On top of that, Google claims the whole thing chips away at user trust, hurts its reputation, and cuts into profits.

Jay Bonggolto always keeps a nose for news. He has been writing about consumer tech and apps for as long as he can remember, and he has used a variety of Android phones since falling in love with Jelly Bean. Send him a direct message via Twitter or LinkedIn.
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.