Malicious SuperBox Devices Turn Homes into Proxy Nodes for Cybercriminals

Malicious SuperBox Devices Turn Homes into Proxy Nodes for Cybercriminals

First seen 21 May 2026, 01:42 UTC Kasperskywww.foxnews.comwww.bleepingcomputer.comblog.xlab.qianxin.comwww.wired.com 88% similarity 68.0

Article Content

Browse articles
ThreatCluster

Security researchers have identified that SuperBox Android TV streaming devices, marketed as cost-effective media solutions, may secretly convert users' internet connections into proxy nodes for cybercriminal activities. These devices, sold through major retailers, initiate connections to Tencent QQ and Grass proxy services as soon as they are powered on. The firmware contains tools for network scanning, traffic analysis, and DNS hijacking, allowing them to facilitate ad fraud and other malicious activities. The devices are also capable of participating in DDoS attacks and scanning local networks for vulnerabilities. This situation has raised significant concerns about the security of low-cost streaming devices and their potential to be exploited as part of a botnet. As of May 2026, these devices remain available for purchase despite the risks associated with them.

Key Points: • SuperBox devices may covertly turn home networks into proxy nodes for cybercriminals. • The devices contain malicious tools for network scanning and traffic analysis. • Security researchers warn that these devices are still being sold on major retail platforms.

ThreatCluster AI

Timeline

2025-12-01
SuperBox devices surge in popularity
Marketing for SuperBox devices exploded on social media, promising unlimited streaming for a one-time fee.
Kaspersky
2025-12-15
Security analysis reveals malicious behavior
Researchers found that SuperBox devices contact Tencent QQ and Grass proxy services upon startup, indicating compromised functionality.
Kaspersky
2026-05-20
Kaspersky publishes findings on SuperBox
Kaspersky detailed the malicious capabilities of SuperBox devices, including traffic hijacking and DDoS attack readiness.
Kaspersky
2026-05-21
Fox News reports on SuperBox botnet risks
Fox News highlighted the risks associated with SuperBox devices, emphasizing their use in routing internet traffic for cybercriminals.
Fox News

Community

Browse all →