Recently, our researchers partnered with HUMAN Security and Trend Micro to uncover BadBox 2.0, the largest known botnet of internet-connected TVs. Building on our previous actions to stop these cybercriminals, we filed a lawsuit in New York federal court against the botnet’s perpetrators.

The Badbox 2.0 botnet compromised over 10 million uncertified devices running Android’s open-source software (Android Open Source Project), which lacks Google’s security protections. Cybercriminals infected these devices with pre-installed malware and exploited them to conduct large-scale ad fraud and other digital crimes.

Our Ad Traffic Quality team identified and quickly acted against this threat, and we updated Google Play Protect, Android’s built-in malware and unwanted software protection, to automatically block BadBox-associated apps.

While these actions kept our users and partners safe, this lawsuit enables us to further dismantle the criminal operation behind the botnet, cutting off their ability to commit more crime and fraud. The FBI has also issued an alert about this illicit activity, and we continue to coordinate with them on our efforts to safeguard consumers and businesses worldwide.