Cybercriminals target smart homes as BadBox 2.0 botnet spreads globally

Skye Jacobs

A hot potato: The resurgence of BadBox 2.0 poses new risks that consumers should be aware of. As unregulated, low-cost IoT devices become increasingly common in households around the world, it's essential to understand the potential dangers they present.

A new wave of cyberattacks is targeting household technology, as the FBI has issued a warning about the resurgence of the BadBox 2.0 botnet. This sophisticated network of compromised Internet of Things devices is being exploited by cybercriminals to infiltrate home networks on a massive scale, raising fresh concerns about the security of everyday smart devices.

The campaign's global footprint spans more than 220 countries and territories, with infections reported in everything from budget streaming boxes to uncertified digital photo frames.

The original BadBox operation first came to light in 2023, when security researchers discovered that certain Android-based devices – primarily off-brand, low-cost gadgets not certified by Google Play Protect – were being sold with malware embedded directly in their firmware.

These devices, often manufactured in China and shipped worldwide, included streaming boxes, digital projectors, and even vehicle infotainment systems.

While the initial BadBox campaign was partially disrupted in 2024 through coordinated action by cybersecurity firms, tech companies, and international law enforcement (including a joint operation between German authorities and Google), the threat quickly adapted. The botnet evolved to bypass many of the countermeasures deployed against it, signaling a dangerous new phase in IoT-focused cybercrime.

BadBox 2.0, the latest iteration of the botnet, has proven even more insidious than its predecessor. While the original version primarily infected devices during manufacturing, BadBox 2.0 can compromise hardware both at the factory and after it reaches consumers. Devices may arrive with firmware-level backdoors already installed or become infected during initial setup if users download apps from unofficial marketplaces.

Security analysts have identified at least four interconnected groups behind the botnet – SalesTracker, MoYu, Lemon, and LongTV – each specializing in a different phase of the operation, from malware distribution to monetizing stolen data.

Once a device is compromised, it becomes part of a sprawling botnet. Cybercriminals use these infected endpoints as residential proxies, allowing them to route illicit activity through home networks and obscure their true origins.

In addition to facilitating ad fraud and DDoS attacks, the botnet enables credential stuffing to hijack online accounts, intercepts one-time passwords for financial fraud, and deploys malicious code to further expand its network. The malware's ability to execute arbitrary commands gives attackers the flexibility to repurpose infected devices for virtually any cybercriminal goal.

The roots of BadBox trace back to earlier malware such as Triada, a sophisticated Android Trojan first discovered in 2016. Triada was known for deeply embedding itself into systems and evading detection. Over the years, its tactics have evolved into the modern supply chain attacks seen in BadBox and BadBox 2.0. This lineage helps explain the botnet's resilience and adaptability, built on nearly a decade of development and refinement.

Detecting a BadBox 2.0 infection is difficult for most consumers. The malware typically operates silently, with few obvious symptoms. Subtle signs may include the appearance of unfamiliar app stores, unexplained device overheating, or sudden changes to network settings. The FBI warns that devices advertising free access to premium content or marketed as "unlocked" pose a particularly high risk.

If a device is suspected of being infected, users should isolate it from the internet immediately, review all connected devices for unauthorized apps or activity, and consider performing a full reset or replacing the hardware.

To minimize risk, experts recommend:

  • Purchasing devices certified by Google Play Protect.
  • Avoiding uncertified or off-brand hardware.
  • Keeping firmware and apps updated.
  • Monitoring home network traffic for anomalies.
  • Checking security bulletins for compromised model lists and known indicators of compromise.

Five years ago I purchased a 1st gen smart home. The first thing I did was deactivate all them smart features. I prefer a dumb home that is more secure and manually control everything. Obviously you can't make everything dumb in 2025 but at least separating everything like ring door bell vs 1 centralized control of everything connected to the web.
 
> Five years ago I purchased a 1st gen smart home. The first thing I did was deactivate all them smart features. I prefer a dumb home that is more secure and manually control everything. Obviously you can't make everything dumb in 2025 but at least separating everything like ring door bell vs 1 centralized control of everything connected to the web.

What, exactly, can you not make dumb in 2025? You know normal doorbells still exist, right?
 
> What, exactly, can you not make dumb in 2025? You know normal doorbells still exist, right?

True but would you rip out a ring pro $250 doorbell and put a regular chimed one? The ring app is decent in my experience, you can speak to bystanders remotely plus it's separate to the analog DVR security 4k system I have. Unfortunately the ring doorbell that came with the house is wireless. They do have a hardwired one that is probably more secure.
 
> True but would you rip out a ring pro $250 doorbell and put a regular chimed one? The ring app is decent in my experience, you can speak to bystanders remotely plus it's separate to the analog DVR security 4k system I have. Unfortunately the ring doorbell that came with the house is wireless. They do have a hardwired one that is probably more secure.

Yes, I would. I don't want a smart home, the cost of said smart equipment is irrelevant.

Edit: plus if they are that expensive, I could easily resell it on eBay for more than the cost of a normal doorbell.
 
Sigh...this is what happens when we started depending on "smart" and "tech" for everything.

Yes, physical locks can be broken too, but not within nanoseconds like using a software against "smart" homes.
 
> Yes, I would. I don't want a smart home, the cost of said smart equipment is irrelevant.
>
> Edit: plus if they are that expensive, I could easily resell it on eBay for more than the cost of a normal doorbell.

I use a risk vs benefit approach when it comes to these things. For us the benefit especially for the past 5 years outweighed the risk of being hacked. I also have secondary, tertiary and quaternary mitigation techniques to mitigate burglary (all separate from each other and not centralized).

ChatGPT benefit vs risk.
Here’s a clear and balanced look at the **risks vs. benefits** of using a **Ring Doorbell Camera**, helping you decide whether it's worth it for your home.

---

### ✅ **Benefits of Ring Doorbell Cameras**

1. **Increased Home Security**

* Real-time video monitoring and alerts when someone approaches your door.
* Can deter package theft and burglary through visibility and motion-activated recording.

2. **Remote Monitoring**

* Live video feed and two-way audio via smartphone app—answer the door from anywhere.
* Useful for keeping an eye on deliveries, kids, or service workers.

3. **Video Evidence**

* Footage can be used as evidence in criminal investigations.
* Cloud storage options allow for easy video review.

4. **Integration with Smart Home Ecosystems**

* Works with Alexa and other smart devices for full home automation.
* Can trigger lights, alarms, or notifications.

5. **Neighborhood Sharing Features**

* “Neighbors” app lets you receive crime and safety alerts from others nearby.

---

### ⚠️ **Risks and Drawbacks**

1. **Privacy Concerns**

* Captures video/audio of neighbors, passersby—raises legal/ethical issues.
* Potentially exposes private moments to external viewers if hacked.

2. **Data Security**

* Cloud storage means video is stored online—vulnerable to breaches.
* Ring has faced criticism for sharing user data with third parties and law enforcement.

3. **Surveillance Overreach**

* Could contribute to a sense of being constantly watched.
* Community concerns about being filmed without consent.

4. **Dependence on Internet**

* Requires Wi-Fi to function properly; outages can render it useless.
* Video lag or disconnection can hinder real-time communication.

5. **Subscription Costs**

* Cloud storage and advanced features often require monthly fees (e.g., Ring Protect plans).
* Basic functionality is limited without it.

---

### ⚖️ **Bottom Line: Is It Worth It?**

* **Best for:** Homeowners seeking convenience and improved security, especially in areas with frequent package theft or suspicious activity.
* **Not ideal for:** Those highly concerned about privacy, data security, or living in neighborhoods with strong surveillance boundaries.

If you decide to use one, it’s wise to:

* Enable two-factor authentication
* Review and limit data sharing settings
* Post signage if required by local law
* Avoid pointing the camera at public areas unnecessarily

.
 
My smart lights are restricted from communicating with any other devices on my network via Device Isolation on my TP router.
Another feature available to me is I could give them their own network, but that sounds like overkill just for smart lights from a lesser known company (Nooie). I want Matter bulbs next even if just to get rid of using 3rd party app for setups.
 
> True but would you rip out a ring pro $250 doorbell and put a regular chimed one? The ring app is decent in my experience, you can speak to bystanders remotely plus it's separate to the analog DVR security 4k system I have. Unfortunately the ring doorbell that came with the house is wireless. They do have a hardwired one that is probably more secure.

Yes I would. Heck, my wife hates doorbell sounds so we disconnected the regular one that came with our house. Anyone we would want at our door knows to knock at this point.
 
> Yes I would. Heck, my wife hates doorbell sounds so we disconnected the regular one that came with our house. Anyone we would want at our door knows to knock at this point.

My wife is the opposite, she gets agro when she gets a ring. Remotely answers for the solicitors or posers. They can't tell if you're home or not. If no one answers the knock if can't potentially invite some unwanted guests and squatters.
 