When Your CTV Box Goes Rogue: How Millions Were Tricked Into Aiding a Global Cybercrime Operation
2026-04-17, Amphitheater

Sometimes, you disrupt a massive fraud operation only for it to return bigger and stronger two years later.

That's what HUMAN Security found with the successor to the original BADBOX campaign. BADBOX 2.0 targets millions of victims with more backdoor variants, more fraud schemes, and more sophistication than ever before. The China-based threat actors created an entire fraud ecosystem, infecting over 1 million consumer devices in over 200 countries and territories with a backdoor. BADBOX 2.0 is the largest botnet of infected connected TV (CTV) devices ever uncovered and represents a significant evolution in cybercrime in which multiple types of fraud co-occur.

This talk will dive into all of the details of BADBOX 2.0, including its interconnected nature, how threat actors target the entire customer journey, and how it can be impossible to thwart crimes like this without proper protection. HUMAN’s Satori Research team will present the technical intricacies, including the backdoor techniques, infection vectors, monetization strategies, and the infrastructure that enabled threat actors to hijack millions of devices worldwide, in addition to BADBOX’s implications for the Internet and how the company worked to stop it. We will also provide an update about what happened after the report was released, including how the takedown has progressed.

Lindsay Kaye is the Vice President of Threat Intelligence at HUMAN Security. Her technical specialty spans the fields of malware analysis and reverse engineering, with a keen interest in dissecting custom cryptographic systems. Lindsay is an internationally recognized cybersecurity speaker and author. She is the author of the book Dissecting the Dark Web, to be published by No Starch Press in February 2026. Lindsay holds a BS in Engineering with a Concentration in Computing from Olin College of Engineering and an MBA from Babson College.

Vikas P is a Staff Investigator at HUMAN Security, specializing in ad fraud research, botnet analysis, and large-scale threat mitigation. With more than a decade of experience in the field, he has led the discovery of major botnet operations including VASTFLUX, BADBOX, and PEACHPIT. Formerly a Vulnerability Researcher at iSIGHT Partners, Vikas now focuses on developing advanced investigation platforms and detection signatures to automate the identification of emerging cyber risks and fraudulent automated traffic.

Joao Santos is a distinguished lead investigator at HUMAN Security on the Satori team. With over a decade of specialized experience in security, he has mastered roles from reverse engineering to penetration testing and sysadmin. His impressive track record extends to conducting threat research and audits for prominent enterprises and government entities in vital areas like passports and citizen IDs. Driven by his dedication to cybersecurity, Joao tirelessly shields individuals and organizations from potential cyber threats. A recognized voice in the community, he frequently shares his insights at information security conferences, championing a safer digital landscape for all.