BadBox2.0 is a botnet/malware operation referenced by Google Threat Intelligence Group (GTIG) in the context of abuse of large residential proxy networks. GTIG links IPIDEA (a residential proxy network/SDK ecosystem) to BadBox2.0, stating IPIDEA tooling was involved in BadBox2.0 and that Google previously took legal action against the BadBox2.0 botnet. The Finnish National Cyber Security Centre also warns that BadBox2.0 malware can be present on new devices from the manufacturing stage (i.e., preloaded/introduced during production), advising consumers to be careful in device selection. The provided content does not include specific technical IOCs, detailed module capabilities, or a precise infection chain beyond the high-level note that it may be present on devices at manufacture and is associated with botnet activity leveraging residential proxy infrastructure.
6 sources tracked across advisories, community write-ups, and news. New activity surfaces here as Mallory finds it.
A botnet referenced as being associated with the IPIDEA residential proxy network; IPIDEA software reportedly helped add devices to the botnet and was used to control them.
Botnet referenced as an example of malicious infrastructure abusing residential proxy exit nodes provided by the IPIDEA network.
BadBox2.0 is malware that can be present on a new device already at the manufacturing stage, potentially infecting devices before they reach the end user.
Botnet referenced as being associated with IPIDEA, with IPIDEA software playing a key role in adding devices to the network and controlling them.