Google has filed a lawsuit against the anonymous operators of the BadBox 2.0 Android malware botnet, accusing them of running a global ad fraud operation that exploits Google’s advertising platforms.

According to Google, BadBox 2.0 infects Android-based AOSP devices (including smart TVs, streaming boxes, and low-cost phones) by embedding malware either at the firmware level or through malicious app downloads. Once compromised, these devices connect to command-and-control (C2) servers and become part of a botnet that is used for ad fraud and is sold to other cybercriminals as residential proxies.

How the BadBox 2.0 Ad Fraud Works

Google’s lawsuit outlines three main techniques used to generate fraudulent ad revenue:

  1. Hidden Ad Rendering: Infected devices silently install fake apps that load hidden ads in the background on attacker-controlled websites.
  2. Web-Based Game Sites: Bots open invisible browsers to run rigged games that generate rapid ad impressions.
  3. Search Ad Click Fraud: Bots perform fake search queries on malicious websites using AdSense for Search, monetizing the displayed ads.

Google claims that over 10 million Android-based devices have been infected globally, with more than 170,000 in New York state alone. The tech giant has already shut down thousands of malicious publisher accounts linked to the botnet, but warns the malware operation continues to expand.

