FBI Warns of BADBOX 2.0 Botnet Exploiting Smart TVs and IoT Devices

In a public alert issued on June 5, 2025, the FBI warned that cyber criminals are leveraging vulnerabilities in internet-connected devices, including smart TVs, streaming boxes, digital projectors, and aftermarket vehicle infotainment systems, to build a sprawling botnet dubbed BADBOX 2.0. This successor to the original BADBOX campaign now comprises millions of compromised devices, enabling unauthorized access to residential proxy services and facilitating a wide range of illicit online activities. This expansive network silently channels traffic to conceal criminal operations.
According to the FBI, most compromised devices are manufactured in China and become infected in two primary ways: pre-installed malware at the factory or hidden backdoors introduced during setup via unofficial app marketplaces. The BADBOX 2.0 campaign exploits users who disable security features like Google Play Protect or install “unlocked” streaming apps promising free content.
BADBOX 2.0 sells or offers free access to compromised home networks, renting millions of devices as proxies. The FBI notes that the original BADBOX campaign, uncovered in 2023 and disrupted in 2024, primarily targeted Android devices, whereas the current iteration spans a diverse range of IoT hardware. Analysts warn that proxy services can be rented for spamming, credential stuffing, and other automated attacks, highlighting the scale of the threat.
The bureau has outlined several indicators of compromise, including the presence of unofficial app marketplaces, unverified device firmware, and unexplained network-traffic spikes. To protect themselves, consumers are urged to audit their home networks, disconnect any suspect devices, avoid downloading apps from unofficial sources, and keep device software up to date. Anyone who believes they may have been targeted should report incidents to the FBI’s Internet Crime Complaint Center to support ongoing investigations.
Otonata remains committed to advancing cybersecurity awareness and solutions. We recommend that businesses and individuals conduct regular security reviews of all IoT products, disable unnecessary functionalities, and monitor device activity to mitigate emerging threats in the connected-home ecosystem.
FBI Announcement: https://www.ic3.gov/PSA/2025/PSA250605