https://krebsonsecurity.com/2025/11/is-your-android-tv-streaming-box-part-of-a-botnet
Security experts are warning consumers about the potential dangers lurking behind the seemingly affordable “Superbox” media streaming devices sold at major retailers like Best Buy and Walmart in the US. While the devices promise unlimited access to a wide range of streaming services for a one-time fee, they require intrusive software that forces the user’s network to relay internet traffic for others, often tied to criminal activities such as advertising fraud and account takeovers.
The Superbox devices initially seem to offer a budget-friendly solution for cord-cutters, but the reality is much more sinister. To access the promised 2,200+ channels, users must first bypass the Google Play store and install unauthorised apps that enable the free streaming. These apps are specifically designed for the Superbox and effectively ensnare the user’s internet connection, turning it into a distributed residential proxy network that relays traffic from unknown sources.
Security researchers have analysed the Superbox devices and discovered that they immediately connect to servers associated with the Chinese instant messaging service Tencent QQ, as well as a residential proxy service called Grass IO. While Grass IO claims to be a decentralised network that allows users to earn rewards by sharing their unused internet bandwidth, the company has stated that it has no affiliation with the Superbox and that the devices appear to be distributing an unethical proxy network. Consumers are advised to exercise caution when considering these types of Android TV streaming boxes, as they may be unwittingly participating in cybercrime activities.