FBI Issues Alert on BadBox Malware in Budget Streaming Devices

ICARO Media Group
06/06/2025 20h26

### FBI Warns of Widespread Malware in Low-Cost Streaming Devices

Millions of affordable devices for media streaming, in-car entertainment, and video projection have become conduits for cybercrime, the FBI has disclosed. The malicious software, dubbed BadBox, transforms consumer networks into hubs for spreading more malware, hiding illegal communications, and conducting other unlawful actions.

BadBox is built on the Triada malware, first identified in 2016 by Kaspersky Lab. Triada was hailed as one of the most sophisticated mobile Trojans ever seen, featuring tools that included rooting exploits capable of bypassing Android security mechanisms and modifying Android's core Zygote process. Google later updated Android to block Triada’s infection methods.

However, Triada resurfaced in 2017, this time with devices being pre-infected before reaching consumers. By 2019, Google acknowledged a supply-chain attack had compromised thousands of devices, prompting new preventive measures from the tech giant.

In 2023, the security firm Human Security discovered BadBox, another malware variant derived from Triada, pre-installed on thousands of Chinese-manufactured devices. Estimated to affect around 74,000 devices globally, BadBox facilitated activities like ad fraud, residential proxy services, creating counterfeit Gmail and WhatsApp accounts, and infecting other connected gadgets.

A coordinated action in March by Google and other Internet organizations sought to disrupt BadBox 2.0, which targeted over 1 million budget Android devices not certified under Google's Play Protect program. Human Security noted that more than a dozen TV models were compromised in this latest campaign, marking the second significant crackdown on BadBox in two years.

Despite these efforts, the FBI issued a fresh warning on Thursday about the ongoing BadBox threat. The agency advised consumers to scrutinize their IoT devices for signs of infection and to consider disconnecting any suspicious devices from their networks.

Identifying compromised devices, however, remains challenging for average users. The FBI highlighted automatic connections to malicious app stores and requests to disable Play Protect as potential indicators of infection. The agency recommends replacing any of the 15 models identified by Human Security and exercising caution when purchasing low-cost devices from dubious sources.

The views expressed in this article do not reflect the opinion of ICARO, or any of its affiliates.
