BADBOX 2.0 Targets Consumer Devices with Multiple Fraud Schemes
Essential information
- Published
- 06/03/2025 12:31
- Modified
- 06/03/2025 15:40
- Tags
- 2025-03-06 ad fraud backdoor badbox badbox 2.0 bb2door botnet click fraud ctv iot residential proxy vo1d
- Related entities
- 59 observables, 1 intrusion sets (apt), 9 techniques (mitre), 1 malware
Description
HUMAN's Satori Threat Intelligence team uncovered and partially disrupted BADBOX 2.0, a complex fraud operation targeting low-cost consumer devices. This operation, an expansion of the 2023 BADBOX scheme, infected over 1 million Android Open Source Project devices worldwide with a backdoor called BB2DOOR. The infection enabled various fraud schemes, including residential proxy services, ad fraud, and click fraud. Four threat actor groups were identified: SalesTracker Group, MoYu Group, Lemon Group, and LongTV. The operation targeted devices in 222 countries, with Brazil being the most affected. HUMAN collaborated with Google and other partners to disrupt the infrastructure and protect customers from the threat.