Superbox Android TV Streaming Devices Linked to Botnet Activity

First reported

24.11.2025 20:44

Last updated

1 unique sources, 1 articles

Summary

Hide ▲

Superbox Android TV streaming devices, sold at major retailers like BestBuy and Walmart, are found to force users' networks to relay Internet traffic tied to cybercrime activities such as advertising fraud and account takeovers. The devices require users to replace the official Google Play Store with an unofficial App Store to access thousands of streaming channels, which then enroll the user's Internet connection in a distributed residential proxy network. Security experts warn that these devices, while marketed as affordable streaming solutions, pose significant security risks by enabling malicious traffic relaying.

Timeline

24.11.2025 20:44 1 articles · 23h ago

Superbox Devices Enroll Users in Residential Proxy Networks for Cybercrime Activities
Superbox Android TV streaming devices, sold at major retailers, require users to replace the official Google Play Store with an unofficial App Store to access streaming content. This process enrolls the user's Internet connection in a distributed residential proxy network, which is often used for cybercrime activities such as advertising fraud and account takeovers. Security experts have found that these devices contact servers associated with Tencent QQ and Grass IO, a residential proxy service. Additionally, Google and the FBI have warned about the risks posed by similar Android streaming devices, which are often pre-installed with malware or require the installation of malicious apps.
Show sources

Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44
Open in new tab

Information Snippets

Superbox devices replace the official Google Play Store with an unofficial App Store to enable streaming of thousands of channels.
First reported: 24.11.2025 20:44

1 source, 1 article
Show sources
- Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44
The devices immediately contact a server at Tencent QQ and a residential proxy service called Grass IO upon setup.
First reported: 24.11.2025 20:44

1 source, 1 article
Show sources
- Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44
Superbox devices include powerful network analysis and remote access tools like Tcpdump and Netcat.
First reported: 24.11.2025 20:44

1 source, 1 article
Show sources
- Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44
Grass IO, a residential proxy service, claims to be an opt-in network but has been misused by Superbox devices.
First reported: 24.11.2025 20:44

1 source, 1 article
Show sources
- Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44
Google filed a lawsuit against the 'BadBox 2.0 Enterprise' botnet, which includes over ten million Android streaming devices engaged in advertising fraud.
First reported: 24.11.2025 20:44

1 source, 1 article
Show sources
- Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44
The FBI warned about cybercriminals gaining unauthorized access to home networks through compromised IoT devices like Superbox.
First reported: 24.11.2025 20:44

1 source, 1 article
Show sources
- Is Your Android TV Streaming Box Part of a Botnet? — krebsonsecurity.com — 24.11.2025 20:44

Summary

Timeline

Superbox Devices Enroll Users in Residential Proxy Networks for Cybercrime Activities

Information Snippets