BADBOX 2.0 Android streaming-device botnet

Malware Activity
Happening score
H score 22
1 unique source, 1 article

Summary

The BADBOX 2.0 botnet is infecting Android streaming devices with malicious apps from unofficial marketplaces, turning them into a residential proxy network used for ad fraud and other abuse. Devices can be compromised before purchase, and the activity is reported at a scale of over ten million devices. That makes consumer TV boxes a major source of covert traffic and a wider botnet risk.

Related Happenings

TrickMo Android banking trojan variant with TON C2 and network pivots

Malware Activity
First: 12.05.2026 15:50 Last: 12.05.2026 15:50 Sources 1

About this happening: A new **TrickMo** Android banking trojan variant now uses **The Open Network (TON)** for C2, turning infected phones into **network pivots** and **traffic-exit nodes**. It was obs...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

IPTV app lure campaign distributing Massiv Android banking malware

Campaign
First: 19.03.2026 12:13 Last: 19.03.2026 12:13 Sources 1

About this happening: A **recent IPTV app lure campaign** is distributing **Massiv Android banking malware**, putting users who seek **free or low-cost live sports broadcasts** at risk of device compro...

Massiv Android banking malware disguised as IPTV app

Malware Activity
First: 19.02.2026 12:00 Last: 19.02.2026 12:00 Sources 1

About this happening: The **Massiv** Android banking malware is posing as an **IPTV app** to steal digital identities and access **online banking accounts**. It uses **screen overlays**, **keylogging**...

Keenadu Android backdoor embedded in firmware and app delivery paths

Malware Activity
First: 17.02.2026 16:05 Last: 17.02.2026 16:05 Sources 1

About this happening: The **Keenadu** Android backdoor was found embedded in **firmware from multiple device brands**, putting infected devices and their installed apps at risk of full compromise. The...

Timeline

  1. 24.11.2025 20:44 2 articles · 6mo ago

    Superbox devices found relaying traffic through residential proxy network

    Technical Analysis Update

    Censys research found Superbox Android TV streaming devices sold at retailers like Best Buy and Walmart contacting Tencent QQ and Grass IO, while also running tools such as Tcpdump and Netcat and showing DNS hijacking and ARP poisoning behavior consistent with relaying user traffic through a residential proxy network.
