
PR Garut - The cyber world is once again shaken by a major threat from behind the scenes. A sophisticated malware attack named BadBox 2.0 is reported to have infiltrated more than 10 million Android devices worldwide, triggering serious concerns about global digital security. Surprisingly, this malware has been embedded since the devices left the factory, even before they were used by consumers.
This massive attack was revealed by the FBI, which in its official statement mentioned that low-cost Android devices, including TV boxes, tablets, and car infotainment systems, have become primary targets of this dangerous malware. In a Public Service Announcement titled I-060525-PSA, the FBI (Federal Bureau of Investigation), the main investigative agency of the U.S. Department of Justice, warned that millions of Android devices from China have been “contaminated” with malicious software even before reaching consumers.
“Imagine you buy a smart TV or cheap tablet, only to find out it’s a Trojan horse that can open up your entire home network for infiltration,” said Kiran Gaikwad, a security expert from Point Wild, explaining how dangerous this malware is.
Unlike common malware that usually infiltrates through illegal applications, BadBox 2.0 has been embedded in the firmware of IoT devices such as digital photo frames, streaming devices, and children’s tablets. This attack targets devices without official certification, mostly made in China, which are widely sold in online markets at low prices.
“These devices are programmed with hidden backdoors, and when you follow the ‘mandatory software update’ instructions, you are actually granting access to cybercriminals,” added Gaikwad.
Google Steps In
In response to this threat, Google did not remain idle. The technology giant announced that it has filed a lawsuit in federal court in New York against the perpetrators behind BadBox 2.0, who are reported to be based in China.
In addition, Google has also made a major update to the Google Play Protect feature, the built-in Android security system, to automatically block applications that are suspected to be connected to BadBox.
“This step is important to keep users’ devices that have not been infected safe, and for those already infected, it can protect them from further damage,” reads the official statement from Google, quoted from Forbes, Wednesday (8/6/2025).
What Should the User Do?
The FBI strongly advises users of suspicious or uncertified Android devices to immediately:
* Disconnect the device from the internet, whether Wi-Fi or mobile data.
* Avoid unofficial or suspicious software updates.
* Remove suspicious applications and use security features such as Play Protect.
* If possible, replace the device with a product that has official security certification.
This threat is not just a regular warning. BadBox 2.0 attacks show how vulnerable cheap, unsecured devices are to large-scale global infiltration. The world is now facing not only digital warfare, but also a silent invasion through the devices we use every day.
