If you have explored the lesser-known areas of the internet or the real world, you may have encountered Android TV set-top boxes marketed as tools for streaming everything for free. Unfortunately, these devices often come with hidden dangers, including malware that can transform them into a botnet. Google is addressing the issue through litigation, aiming to disrupt the operations that use this botnet for fraudulent advertising and other criminal activities. The botnet primarily functions to create fake advertising tools that divert funds from Google and various advertising firms, with some profits allegedly flowing back to operators based in China.
Furthermore, the malware enables activities like distributed denial-of-service (DDoS) attacks and ransomware distribution. Google reports that these proxy connections are sold to criminals for prices reaching $1,390 USD for 500GB of data, while counterfeit applications are spread globally through unregulated third-party stores. Google’s strategy focuses on legal action against companies hosting the infrastructure that supports the botnet’s activities. If successful, the case could compel major web service providers—such as GoDaddy, CloudFlare, Amazon, and Alibaba—to terminate services used by these malicious sites.
It’s important to note that the compromised devices, although running on Android, are not the standard Android TV or Google TV systems and lack the security protections found in the Google Play Store. Essentially, this botnet resembles past malware that predominantly affected Windows machines. The Android-based boxes are inexpensive and easily manipulated due to the platform’s flexibility. Through this unusual approach, Google is attempting to leverage legal channels to combat a problem that has outgrown its typical tools of monitoring and ad account shutdowns.
The company seeks permanent injunctions against the malicious actors and demands financial recovery in the form of damages and attorney’s fees.