Badbox is back in the news, and not for good reasons: the malware, an insidious and far from new threat, has forcefully resurfaced in security reporting after a warning issued directly by the FBI.

According to the US federal agency, millions of low-cost Android devices, including TV boxes, streaming devices, automotive infotainment products and smart projectors, are currently compromised and are being exploited as criminal platforms inside home networks.

Badbox malware returns to the limelight

To understand the seriousness of the current situation, it is necessary to take a step back. Badbox has its origins in Triada, an extremely sophisticated piece of malware discovered in 2016 by Kaspersky Lab and described at the time as one of the most advanced Trojans for mobile devices ever encountered.

Its danger lay in its ability to obtain root privileges via exploits, bypass Android's native protections and even tamper with the Zygote process, the beating heart of Google's operating system.

Although Google intervened on several occasions to neutralize Triada, updating Android to counter its infection methods, the threat has returned cyclically. As early as 2019 a disturbing scenario emerged: devices sold to the public with malware pre-installed, the result of real supply-chain attacks.

In 2024 the security company Human Security raised the alarm about Badbox, a backdoor derived from Triada and pre-installed on tens of thousands of Chinese-made Android devices. These devices, mostly cheap and intended for the global market, were used as nodes of a criminal network for purposes ranging from advertising fraud to the automated creation of fake Gmail and WhatsApp accounts, and including the use of the devices as residential proxies and as a means of infecting other devices connected to the home network.

In March 2025 Google, together with a consortium of organizations active in Internet security, took part in a coordinated action to block Badbox 2.0, a new wave of infections that had hit over a million non-certified Android devices based on the Android Open Source Project. These devices were not protected by the Google Play Protect security program, a circumstance that made them easy targets.

Despite that intervention, however, the threat persists: the FBI has confirmed in the last few hours that Badbox is still active and continues to compromise millions of devices all over the world.

The agency’s message, contained in a service announcement published on Thursday, is quite clear: consumers must carefully evaluate the IoT devices present in their homes, paying attention to any signs of compromise and, if necessary, disconnecting those devices from the network.

But what signs should you watch for? Unfortunately, few of them can be spotted with the naked eye by an ordinary user. The FBI cites in particular automatic connections to unofficial or suspicious app marketplaces, and unusual requests to disable Play Protect.

The recommendation is to check whether you own one of the devices reported by Human Security (the image below) as compromised by Badbox and, if so, to replace it. Maximum caution is also advised when buying low-cost devices, especially from unknown brands or untrusted retailers.

Once again, the story highlights how important it is to choose certified Android devices that are protected by the Google Play Protect program and updated regularly. The initial saving on a cheap product can easily turn into a concrete risk to privacy, to the security of the home network and to one's digital identity, thanks to Badbox and its kind.

The hope is that the FBI's message and the initiatives undertaken by Google can stem a threat that, as history has already shown us, is able to evolve quickly over time.