← Streaming
F

Cheap Android TV Boxes (BadBox 2.0)

Fail
Various Chinese manufacturers · 🇨🇳 China
PolicyApp PermissionsNetwork TrafficFirmwareRegulatory
Technical details
Manufacturer: Various Chinese manufacturers

⚠️ The bottom line

10 million devices. Malware installed at the factory. Before you even turned it on, your $30 Android TV box was already working for criminals — routing ad fraud, DDoS attacks, and stealing two-factor codes through your home network. Factory reset doesn't help. The malware is in the firmware. You bought a criminal tool disguised as a streaming device. The FBI warned the public. Google sued. The operators of the predecessor network were arrested. And the devices are still for sale on Amazon and Temu right now, under new brand names, with fresh malware. You can buy a pre-infected streaming box with same-day delivery. The marketplace knows. They keep selling.

Legal jurisdiction
🇨🇳 China (headquarters)
National Intelligence Law read more →
Company must secretly hand data to Chinese intelligence on request
Data Security Law read more →
State can classify any data as 'important' and demand access for national security
Spying
0/4 N/A
Is someone spying on me?
Data Sharing
2/4 MODERATE
Who gets my data?
Security
3/4 HIGH
Is it actually secure?
Honesty
2/4 MODERATE
Can I trust what they say?
CONFIGURE High-risk areas that can be partially mitigated with settings changes.
2Contradictions
2Critical
0High
0Medium
2Sources
Findings by concern
Security 3/4 HIGH 2 findings
⚠️ criticalmarketing vs third party research
10 million devices. Malware installed at the factory. Before you even turned it on, your $30 Android TV box was already working for criminals — routing ad fraud, DDoS attacks, and stealing two-factor codes through your home network. Factory reset doesn't help. The malware is in the firmware. You bought a criminal tool disguised as a streaming device.

What they claim: Budget Android TV boxes and streaming devices sold as affordable smart TV solutions

What we found: HUMAN Security uncovered BadBox 2.0 — the largest known botnet of connected TV devices. Malware was pre-installed in the firmware of cheap Android TV boxes, streaming devices, tablets, and digital picture frames manufactured in China. Over 10 million devices across 222 countries were compromised. The malware turns devices into residential proxies for ad fraud, DDoS attacks, and 2FA code theft. It survives factory resets.

⚠️ criticalmarketing vs regulatory
The FBI warned the public. Google sued. The operators of the predecessor network were arrested. And the devices are still for sale on Amazon and Temu right now, under new brand names, with fresh malware. You can buy a pre-infected streaming box with same-day delivery. The marketplace knows. They keep selling.

What they claim: These devices are sold freely on Amazon, AliExpress, Temu, and other marketplaces

What we found: The FBI issued a public warning in June 2025 about BadBox-infected devices. Google filed a lawsuit in July 2025 against 25 unidentified defendants connected to the botnet. The operation was linked to IPidea, a rebrand of the sanctioned 911S5 Proxy network whose operators were arrested in 2024. The devices continue to be sold on major marketplaces under dozens of brand names.

Sources