FBI Warns of Widespread BADBOX 2.0 Malware Infections Targeting Home IoT Devices The FBI has issued an alert regarding BADBOX 2.0, a sophisticated malware campaign compromising over 1 million internet-exposed home devices, primarily manufactured in China. The malware, downloaded during device setup, enables attackers to establish residential proxy networks, conduct credential stuffing attacks, and execute ad fraud. Compromised devices may exhibit deactivated Google Play Protect settings or unusual internet traffic, prompting the FBI to recommend immediate isolation and restricted network access. Users are advised to monitor network activity, download apps exclusively from official stores, and keep devices updated to mitigate risks. The advisory follows recent disclosures of other cyber threats, including the New Cosmali Loader, which infects Windows systems via typosquatted Microsoft Activation Scripts domains using malicious PowerShell scripts. Additionally, the Shai Hulud malware campaign has impacted over 25,000 repositories and hundreds of npm packages, automating developer environment compromises. Efforts to disrupt BADBOX 2.0 involved collaboration between the FBI, Google, Trend Micro, and the Shadowserver Foundation, while tools like Nezha—a post-exploitation remote access trojan—help attackers evade detection by blending with legitimate activity.