A dangerous malware campaign known as BadBox 2.0 is infecting millions of smart devices globally, the FBI has warned. According to the Internet Crime Complaint Center (IC3), this malicious software is targeting Internet of Things (IoT) hardware—devices we often rely on daily without a second thought. These include TV streaming boxes, digital projectors, aftermarket infotainment systems in vehicles, digital photo frames, and similar off-brand electronic gadgets.

Pre-Installed or Delivered Through Fake Updates

What makes BadBox 2.0 especially alarming is how it spreads. The FBI notes that in many cases, the malware is pre-installed on these off-brand devices, especially those shipped from less regulated markets. In other instances, it arrives silently through software updates from untrustworthy sources. This means users might be exposed to malware the moment they unbox and power up a new device—or during what seems like a routine update.

This version appears to be a continuation of the original BadBox campaign, which was disrupted by German authorities in December. However, the new wave is more advanced and widespread.

Human Analysts: Over One Million Devices Infected

Cybersecurity experts at HUMAN, a digital protection company, raised the alarm in March 2025. Their findings showed that BadBox 2.0 had already infected over 1 million Android-based devices, mostly those manufactured in China. This number marks a significant spike from the previous BadBox outbreak, which only affected tens of thousands.

The infected devices are silently recruited into a botnet—a network of compromised systems controlled by cybercriminals. This allows hackers to perform illegal activities while masking their true identity, as their digital footprints are routed through regular home networks.

The Botnet-for-Rent Market

The FBI alert highlights another layer of the issue: cybercriminals aren’t just using the botnet themselves. In many cases, they rent access to it, allowing other bad actors to exploit these hijacked devices for fraud, phishing, or other illegal operations. This turns millions of everyday devices into silent accomplices in global cybercrime.

What Should You Do?

The FBI is advising all consumers to carefully evaluate their IoT devices—especially those that are unfamiliar, advertised as "unlocked," or promise free access to content. Warning signs include:

• Unknown or suspicious app marketplaces
  
  
• Requests to disable Google Play Protect
  
  
• Devices from brands you’ve never heard of
  
  

If any of these red flags appear, the bureau recommends disconnecting the device from your network immediately.

Stay Safe: Update and Verify

Cybersecurity professionals strongly urge users to regularly update the firmware on all smart home devices. These updates often include patches that can protect against known threats like BadBox 2.0. Choosing reputable brands and avoiding deals that seem too good to be true can also help reduce your exposure to malware risks.

In an age where our coffee machines, TVs, and even cars are online, cyber hygiene is no longer optional—it’s a necessity.