Over a Million Android Devices Pre-Installed with Password-Stealing Malware: How to Protect Yourself?

Tech
By 24matins.uk published 6 March 2025 at 7h53, updated on 6 March 2025 at 7h53.
Tech

Over a million Android devices have been infected with pre-installed malware that steals passwords. Learn how to effectively protect your smartphone from this hidden threat.

Disrupting BadBox 2.0: A Major Win Against Cybercriminals

A collaborative effort between HUMAN’s Satori Threat Intelligence team, Google, Trend Micro, and other entities has successfully disrupted the largest botnet of infected connected TV devices, known as BadBox 2.0. This botnet primarily affected lesser-known Android brands, with most devices coming preloaded with BadBox malware.

The Menace of BadBox 2.0

BadBox 2.0 is a malware-driven botnet that exploits low-cost Android devices for malicious activities, including fraud. According to HUMAN, this new version has infected over one million devices, chiefly in Brazil (37.6%), followed by the USA (18.2%), Mexico (6.3%), and Argentina (5.3%).

The infected devices, including Android TV streaming boxes, smart TVs, and smartphones, often have the malware pre-installed by manufacturers. Once active, the BadBox malware turns these devices into residential proxies that regularly connect to attacker-controlled servers to receive new commands and send back stolen data, such as passwords.

How to Protect Against BadBox 2.0

Google has taken steps to remove malicious apps linked to BadBox 2.0 from the Play Store. However, since Google cannot cleanse non-certified Android devices protected by Play Protect, BadBox cannot be completely eliminated.

Users are advised to avoid purchasing Android devices based on the AOSP project that lack official Google Play Services support. Additionally, keeping your firmware updated and installing the latest security patches as soon as they are available is recommended. Also, refrain from installing apps outside the Google Play Store and other official app stores.

“If a device is not certified by Play Protect, Google does not keep a record of its security and compatibility test results,” stated a Google spokesperson. It is crucial, therefore, to ensure that Google Play Protect is enabled on your device.