A newly discovered vulnerability in Android devices allows cybercriminals to exploit them as proxy services.
The issue affects TV set-top boxes, tablets, projectors, and in-car infotainment systems. Researchers have found malware in at least one million Android-based devices, turning them into a botnet controlled by fraudsters. These compromised devices are used for various online scams, including proxy-based activities.
Most infected devices have been identified in South America, particularly in Brazil. Nearly all of them are built using open-source Android but are not part of Google’s ecosystem.
The attack is likely linked to the Chinese network Badbox 2.0, primarily targeting the TV98 and X96 device families.
In the original (already exposed) Badbox campaign, fraudsters installed backdoored firmware on streaming devices before they even reached consumers. Now, their strategy has shifted—users unknowingly infect their devices by downloading compromised versions of popular apps.
