FBI and Google warn about botnet threat to smart devices

In June 2025, the FBI, along with major technology players such as Google, issued a serious warning regarding cybercriminals taking advantage of smart devices within home networks, specifically devices made by generic brand names from China. This exploitation is facilitated through what is known as the BADBOX 2.0 botnet, which either comes preloaded with malicious software or downloads it once the device connects to a home network. Smart devices like TV streaming devices, digital projectors, vehicle infotainment systems, and digital picture frames are particularly at risk, prompting the FBI to alert users to evaluate their IoT devices for any signs of unauthorized access. The advisory emphasizes that both new and existing devices can become part of the BADBOX 2.0 botnet, which consists of millions of infected devices that have backdoors for cybercriminals. These actors may use compromised devices to conduct various illicit activities, including selling or providing free access to networks for malicious purposes. Users are advised to especially monitor devices purchased from lesser-known manufacturers, as they are often more vulnerable to compromise. The FBI and Google are united in promoting vigilance among consumers and encouraging them to disconnect suspicious devices from their networks. The warning also highlights the need for homeowners to be aware of unusual internet traffic and device behaviors, suggesting they refrain from turning off security features like Google Play Protect during setup and avoid downloading apps from unofficial sources. With the rising threat of malicious software on generic IoT devices, users are reminded to keep their devices updated and to prioritize patching vulnerabilities in their internet-facing systems. As unsafe smart devices increase in popularity, the potential for mass infections grows, leading to further exploits across different home networks. In addition to warnings about smart devices, there is emerging concern about a separate scam where cybercriminals are spoofing FBI phone numbers to deceive individuals into sending money under the threat of legal repercussions. The FBI has made it clear that they do not operate in this manner, underscoring the need for individuals to remain cautious about unexpected calls demanding money or personal information. Both issues reflect a broader trend in cyber threats, indicating a critical moment for consumers to reassess their digital security practices in light of increasing sophistication in cyber attacks.