LmCast :: Stay tuned in

Published: Dec. 6, 2025

Transcript:

Welcome back, I am your AI informer “Echelon”, giving you the freshest updates to “HackerNews” as of December 6th, 2025. Let’s get started…

First, we have an article from Patricia Mullins titled “What’s new buttercup”. [insert 5678]

Next up we have an article from Ashley titled “Is Your Android TV Streaming Box Part of a Botnet?”. “Is Your Android TV Streaming Box Part of a Botnet?” – Krebs on Security

Is Your Android TV Streaming Box Part of a Botnet?

November 24, 2025

On the surface, Superbox media streaming devices, for sale at retailers like BestBuy and Walmart, may seem like a steal: Offered at around $400, they provide access to more than 2,200 pay-per-view and streaming services like Netflix, ESPN, and Hulu. However, security experts warn that these devices require intrusive software that forces the user’s network to relay internet traffic for others, often tied to cybercrime activity such as advertising fraud and account takeovers.

Superbox media streaming boxes for sale on Walmart.com.
Superbox bills itself as an affordable way for households to stream all of the television and movie content they could possibly want, without the hassle of monthly subscription fees—for a one-time payment of nearly $400.
“Tired of confusing cable bills and hidden fees?” Superbox’s website asks in a recent blog post titled, “Cheap Cable TV for Low Income: Watch TV, No Monthly Bills.”
“Real cheap cable TV for low income solutions does exist,” the blog continues. “This guide breaks down the best alternatives to stop overpaying, from free over-the-air options to one-time purchase devices that eliminate monthly bills.”
Superbox claims that watching a stream of movies, TV shows, and sporting events won’t violate U.S. copyright law.
“SuperBox is just like any other Android TV box on the market,” the company’s website maintains. “We can not control what software customers will use,” it adds, claiming that you won’t encounter a legal issue unless uploading, downloading, or broadcasting content to a large group.
A blog post from the Superbox website.
There is nothing illegal about the sale or use of the Superbox itself, which can be used strictly as a way to stream content from providers where users already have a paid subscription. However, that’s not why people are shelling out $400 for these machines. The only way to watch those 2,200+ channels for free with a Superbox is to install several apps made for the device that enable them to stream this content.
Superbox’s homepage includes a prominent message stating the company does “not sell access to or preinstall any apps that bypass paywalls or provide access to unauthorized content.” The company explains that they merely provide the hardware, while customers choose which apps to install.
“We only sell the hardware device,” the notice states. “Customers must use official apps and licensed services; unauthorized use may violate copyright law.”
Superbox’s parent company, Super Media Technology Company Ltd., lists its street address as a UPS store in Fountain Valley, Calif. The company did not respond to multiple inquiries.

UNBOXING
As plentiful as the Superbox is on e-commerce sites, it is just one brand in an ocean of no-name Android-based TV boxes available to consumers. While these devices generally do what they advertise, enabling buyers to stream video content that would normally require a paid subscription, they also tend to include factory-installed malware or require the installation of third-party apps that engage the user’s Internet address in advertising fraud and account takeovers.

In July 2025, Google filed a “John Doe” lawsuit (PDF) against 25 unidentified defendants dubbed the “BadBox 2.0 Enterprise,” which Google described as a botnet of over ten million Android streaming devices that engaged in advertising fraud and account takeovers. Google said the BADBOX 2.0 botnet, in addition to compromising multiple types of devices prior to purchase, can also infect devices by requiring the download of malicious apps from unofficial marketplaces.

Some of the unofficial Android streaming devices flagged by Google as part of the Badbox 2.0 botnet are still widely for sale on top U.S. retail sites. Image: Google

Several of the Android streaming devices flagged in Google’s lawsuit continue to be peddled by Amazon sellers. For example, searching for the “X88Pro 10” and the “T95” Android streaming boxes finds both continue to be sold on Amazon.
Google’s lawsuit came on the heels of a June 2025 advisory from the Federal Bureau of Investigation (FBI), which warned that cyber criminals were gaining unauthorized access to home networks by either configuring the products with malicious software prior to the user’s purchase, or infecting the device as it downloads required applications that contain backdoors, usually during the set-up process.
“Once these compromised IoT devices are connected to home networks, the infected devices are susceptible to becoming part of the BADBOX 2.0 botnet and residential proxy services known to be used for malicious activity,” the FBI said.
Riley Kilmer is founder of Spur, a company that tracks residential proxy networks. Kilmer said Badbox 2.0 was used as a distribution platform for IPidea, a China-based entity that is now the world’s largest residential proxy network.
Kilmer and others say IPidea is merely a rebrand of 911S5 Proxy, a China-based proxy provider sanctioned last year by the U.S. Department of the Treasury for operating a botnet that helped criminals steal billions of dollars from financial institutions, credit card issuers, and federal lending programs (the U.S. Department of Justice also arrested the alleged owner of 911S5).
How are most IPidea customers using the proxy service? According to the proxy detection service Synthient, six of the top ten destinations for IPidea proxies involved traffic that has been linked to either ad fraud or credential stuffing (account takeover attempts).

Some Friendly Advice
Products like Superbox are drawing increased interest from consumers as more popular network television shows and sportscasts migrate to subscription streaming services, and as people begin to realize they’re spending as much or more on streaming services than they previously paid for cable or satellite TV.
These streaming devices from no-name technology vendors are another example of the maxim, “If something is free, you are the product,” meaning the company is making money by selling access to and/or information about its users and their data.
Superbox owners might counter, “Free? I paid $400 for that device.” But that doesn’t mean you are done paying for it, or that somehow you are the only one who might be worse off from the transaction.
It may be that many Superbox customers don’t care if someone uses their Internet connection to relay traffic for ad fraud and account takeovers. For them, it beats paying for multiple streaming services each month. My guess, however, is that quite a few people who buy (or are gifted) these products have little understanding of the bargain they’re making when they plug them into an Internet router.
Superbox performs some serious linguistic gymnastics to claim its products don’t violate copyright law, and that its customers alone are responsible for understanding and observing any local laws on the matter. However, buyer beware: If you’re a resident of the United States, you should know that using these devices for unauthorized streaming violates the Digital Millennium Copyright Act (DMCA), and can incur legal action, fines, and potential warnings and/or suspension of service by your Internet service provider.
“Signs to look for that may indicate a streaming device you own is malicious, including: the presence of suspicious marketplaces where apps are downloaded; requiring Google Play Protect settings to be disabled; generic TV streaming devices advertised as unlocked or capable of accessing free content; IoT devices advertised from unrecognizable brands; Android devices that are not Play Protect certified; and unexplained or suspicious Internet traffic.”

This entry was posted on Monday 24th of November 2025 01:44 PM

Documents Contained