BADBOX is Android malware that is embedded in the device firmware. Infected devices immediately connect to a Command and Control (C2) server, which enables the attacker to access the local network (proxy), intercept two-factor authentication secrets, and install additional malware on the device.
BADBOX is installed during or immediately after manufacture of the device. By the time the device reaches the customer, it is already infected.
It is recommended to immediately take infected devices out of service, as the malware resides on a non-writable partition of the firmware and cannot be removed by the user.