HUMAN, FBI, and Partners Take Action Against BADBOX 2.0

By Gavin Reid | June 17, 2025

On June 5th, 2025, the Federal Bureau of Investigation issued Public Service Announcement I-060525, detailing how cybercriminals are exploiting compromised Internet-of-Things devices to expand the BADBOX 2.0 botnet and residential-proxy infrastructure.

The goal of this announcement is consumer education: if you buy one of these bargain devices, you may be handing criminals the keys to your home network. You wouldn’t help someone rob a store—are you willing to let bad actors steal bandwidth, launder traffic, and commit fraud in your name?

HUMAN is honored to have contributed intelligence to this alert alongside Google, Trend Micro, and the Shadowserver Foundation, further validating the findings our Satori Threat Intelligence & Research Team published in March 2025.

Collaboration is the decisive advantage in modern cyber defense. From the first indicators uncovered in our labs, we worked shoulder-to-shoulder with platform operators, cloud providers, and law enforcement partners, sharing data in real time and coordinating disruption actions. Google’s enforcement across Google Play Protect has already blocked malicious apps and cut off monetization avenues for the actors behind BADBOX 2.0.

I also want to extend a special thank you to The Shadowserver Foundation for sinkholing key BADBOX 2.0 command-and-control domains. As a result of their swift action, over a million infected devices now beacon to Shadowserver-managed infrastructure instead of criminal servers, stripping the threat actor of a substantial portion of its botnet. A live view of that global neutralization is available on Shadowserver’s public dashboard.

This investigation is very much ongoing. The adversaries responsible for BADBOX 2.0 have shown they will iterate quickly, shifting infrastructure and re-seeding supply chains when pressured. HUMAN researchers will continue to hunt for new variants, share indicators with the FBI and our industry peers, and deploy fresh detections across the Human Defense Platform to protect customers worldwide.

In the meantime, we urge manufacturers, retailers, and consumers to follow the mitigation guidance in the FBI PSA: purchase devices from reputable vendors, keep firmware up to date, monitor network traffic for anomalies, and avoid unofficial app stores. If you suspect a device on your network is compromised, disconnect it immediately and file a report at ic3.gov.

I want to personally thank every partner who leaned in—especially our colleagues at Google—for the openness, speed, and determination that made this collective defense possible. Together we are raising the cost of fraud and making the internet safer for everyone.

To learn more about securing your network and data against bad actors and malware strategies like BADBOX 2.0, visit HUMAN Security’s brief on human defense in the Public Sector. 

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including HUMAN Security, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

