500K Infected Android Devices Freed Of BadBox

Say Bye Bye BadBox

It’s rare to have good news on Insecurity Corner which is why the disruption of BadBox is a welcome breath of fresh air.  Until very recently you could find BadBox present on cheap Android devices straight out of the factory, as the malware group behind it managed to infect the design of these devices on the production line.  There were also around two dozen malicious Google Play apps that would secretly infect your device if you decided to install them.  It was quite the Swiss Army Knife of horror, able to generate residential proxies, fake ad impressions, redirects devices to so called low-quality domains to pump up traffic so they would show up in other searches and even, and use your device’s IPs address to create fake accounts and perform credential stuffing attacks.

The good news is we are now safe from BadBox as the apps have been taken down and nearly a thousand BADBOX domains have been taken over to ensure infected devices can no longer spill data nor get updates to make BadBox invisible to scanners again.  You can check the list of Android Open Source Project devices in the image or the article to see if you were likely infected and perhaps as a list of devices to avoid in the future. 

You can read about Google’s less than savoury tracking cookies on Android phones below, if you need some bad news to balance the good.