proxy nodes

HUMAN's Satori Threat Intelligence and Research team has identified a cyberattack named "BADBOX 2.0," which has compromised over 1 million consumer devices globally through 24 malicious applications on the Google Play Store. The operation utilizes a backdoor called BB2DOOR for persistent access to infected devices, primarily distributed via pre-installed apps on low-cost Android devices and third-party marketplaces. Four threat actor groups—SalesTracker Group, MoYu Group, Lemon Group, and LongTV—collaborate in this operation, which supports fraudulent activities such as residential proxy services, programmatic ad fraud, and click fraud, generating up to 5 billion fraudulent bid requests weekly. Despite efforts by HUMAN and Google to disrupt BADBOX 2.0, the threat actors may continue their operations due to the resilience of their supply chain. Users are advised to download apps only from official marketplaces to reduce infection risks.