Noac 🧡

The Ad Fraud Files 🗂️ Case 003: BADBOX 2.0 Smart TVs, tablets, phones, streaming boxes, projectors, even car infotainment systems… BADBOX 2.0 — discovered mere months ago — is an Android malware supply chain operation 🦠 and the direct successor to the 2023 BADBOX botnet that hijacked tens of thousands of devices for the perpetration of ad fraud. This time, over 10 million devices were compromised worldwide. Some shipped from the factory already infected, others were compromised the moment they were first powered on, and many more through look-alike 'decoy' apps downloaded from unofficial stores — a full supply chain of infection. Once the backdoor was active, BADBOX 2.0 ran completely silent in the background, turning unsuspecting consumers — and their everyday devices — into a global fraud engine ⚙️ The bad actors behind BADBOX 2.0 used it to run large-scale programmatic and click fraud, siphoning ad budgets. At the same time, they hid behind victims’ IP addresses to carry out a wide array of digital crimes, such as credential theft and DDoS attacks. Every action was cloaked as legitimate traffic, making the operation almost impossible to distinguish from real, genuine users. Google, HUMAN Security, and law enforcement joined forces to dismantle BADBOX 2.0. Together, they: 💥 Took down its command servers 🚫 Suspended linked publisher accounts 🏛️ Filed a federal lawsuit against 25 alleged operators earlier this year The case remains ongoing, with the FBI issuing a public warning about the botnet in June 2025. Ad fraud is always evolving and BADBOX 2.0 shows just how big the stakes are. At Verasity, we keep a close watch on operations like these to keep our advertising infra ready to defend ad campaign integrity, publisher revenue, and advertiser budgets worldwide.