Researchers connect popular “free streaming” devices to BadBox 2.0 botnet that has compromised millions of Android-connected devices globally
As excitement builds around the upcoming 2026 FIFA World Cup, cybersecurity experts are warning fans about the growing risks associated with unofficial streaming platforms and low-cost connected TV devices marketed as “free” alternatives for accessing live sports content.
According to Infoblox, one of the most heavily promoted streaming devices, SuperBox, has been linked by multiple security researchers to BadBox 2.0 — a massive botnet operation believed to have compromised more than 10 million Android-powered devices worldwide. The botnet is considered one of the largest infections involving connected TV devices and consumer Android systems.
Researchers warn that compromised devices can silently operate as residential proxy networks, allowing cybercriminals to route malicious activity through unsuspecting users’ home internet connections. This can expose consumers to privacy risks, malware infections, data theft, and unauthorized use of their network infrastructure.
Infoblox noted that the threat goes beyond illegal streaming concerns and highlights a broader issue involving supply chain vulnerabilities in consumer electronics. Devices marketed as plug-and-play entertainment solutions may contain insecure firmware, hidden malware components, or malicious software preloaded during manufacturing or distribution.
“SuperBox is a textbook example of how supply chain vulnerabilities in widely available consumer devices can be weaponized at massive scale. These devices are implicated in BadBox 2.0, a China-linked malicious botnet silently turning consumer devices into residential proxies for bad actors worldwide,” said Renée Burton, Vice President of Threat Intelligence at Infoblox.
The company also referenced its earlier threat intelligence research, including the report titled Pushed Down the Rabbit Hole, which examined how compromised websites and malicious advertising chains can expose users to cascading cyberattacks, including malware delivery and push notification abuse.
Cybersecurity experts are urging consumers to exercise caution when purchasing unofficial streaming hardware or downloading unverified streaming applications ahead of major global sporting events. Security teams recommend using trusted streaming providers, keeping connected devices updated with the latest firmware, and monitoring home networks for suspicious activity.
As global cybercriminal groups increasingly exploit major sporting events to distribute malware and expand botnet operations, Infoblox warns that consumers must pay closer attention to the security of the devices connected to their home networks, not just the online content they access.
