Android and the risk of pre-installed malware: a growing global threat

  • Pre-installed malware on Android devices affects millions of users worldwide.
  • Uncertified and inexpensive devices are often the most vulnerable to threats like BadBox 2.0 and Triada.
  • Google and international experts are taking legal and technical action to combat these criminal networks.
  • Prevention and informed purchasing are essential to avoid falling prey to this type of digital fraud.

Android devices with pre-installed malware

Security on Android devices is back in the spotlight after the discovery of international networks of cybercriminals who have managed to infiltrate malware directly into brand-new gadgets. This type of threat, increasingly frequent and sophisticated, endangers millions of users around the world, who may be unknowingly participating in fraudulent activities through their own electronic devices.

In recent months, Google and cybersecurity firms have revealed the magnitude of these operations. Cheap Android devices, such as set-top boxes, projectors, and streaming boxes, are sold pre-packaged and reach users with malware capable of turning them into part of a vast network of "zombie" devices.

The BadBox 2.0 botnet and the rise of factory-installed malware

Recently, the scheme dubbed BadBox 2.0 was uncovered: a network that managed to infect more than 10 million Android devices internationally. The research, a joint effort between Google, HUMAN Security, and Trend Micro, revealed how set-top boxes and other inexpensive devices were sold through online stores after being altered on the assembly line to include pre-installed malicious software.

The danger lies in the fact that these devices begin to act as part of a criminal organization as soon as they connect to the Internet. Their actions include ad click fraud, the creation of fake accounts, mass spam, and even ransomware demands, all without the consumer having the slightest suspicion of what's happening in the background.

In addition, some devices were used as "residential proxies," allowing criminals to hide their traffic through other people's home networks without raising suspicion. The BadBox 2.0 structure turned out to be highly organized, with divisions specializing in malware development, physical manipulation, and the creation of camouflaged applications.


Legal and technological responses: Google takes action

Faced with the magnitude of the problem, Google has filed a lawsuit against those responsible for BadBox 2.0 in the United States and has managed to block the domains they used to coordinate the botnet. At the same time, the company has updated its Google Play Protect security system to detect corrupt behavior associated with this type of threat.

The FBI has also issued public advisories pointing out the dangers of purchasing uncertified or overpriced Android devices, highlighting that buying cheap, in this case, can be very expensive. As part of this strategy, Google is working closely with international law enforcement to identify and arrest those responsible for these networks.

It is important to clarify that most infected devices will go unnoticed and will continue to operate for cybercriminals for years, as many users will never suspect or examine the inner workings of their devices.

Pre-installed malware: common types and threats

The phenomenon of pre-installed malware is not limited to BadBox 2.0. Recent studies have highlighted other threats such as Triada, a software package that comes pre-installed on counterfeit phones and can spy on messages, manipulate links, and steal banking credentials. Furthermore, banking Trojans like Mamont masquerade as legitimate applications to intercept sensitive data or even remotely control the device.

In certain regions, such as Türkiye or India, the diversification of threats is even greater, with programs that impersonate entertainment apps or financial reward systems, and droppers capable of installing other types of malware in a cascade.

According to data from Kaspersky, in the first quarter of 2025 more than 180,000 mobile malware samples were detected, affecting more than 12 million users. This illustrates the accelerated pace at which mobile cybercrime is advancing.

How to detect and prevent pre-installed malware on Android

One of the main difficulties in identifying pre-installed malware is its ability to operate in the background, without the user noticing obvious symptoms. However, performance issues, unsolicited ads, or unexplained crashes may indicate the presence of malware.

The main recommendation from the cybersecurity sector is to always purchase certified devices, preferably through official channels, and to avoid buying from unverified stores. It is also essential to check application permissions, keep the system updated, and use recognized security solutions.

Experts warn that while these measures do not guarantee full protection, they do significantly reduce the risk of becoming a victim. The false sense of security that comes from believing only computers are vulnerable can facilitate the spread of malware on mobile phones, which are now the primary means of accessing data and conducting financial transactions.

For all these reasons, prevention, conscious purchasing, and vigilance are essential. Opting for certified technology from a reliable source can prevent unwittingly entering the cybercrime game, which is becoming more sophisticated and dangerous every day. It's advisable to be alert to any unusual behavior on our devices and to be wary of offers that look too good to pass up but can end up being very expensive.

