New malware discovered infecting 1.3 million Android TV boxes

Phan Van Hoa September 16, 2024 06:12

Recently, Dr.Web Security Company (Russia) discovered a new malware named Vo1d, infecting 1.3 million TV boxes running the Android operating system in more than 200 countries.

In a recent research report, Dr.Web has made an alarming discovery about the widespread infection of Vo1d malware. Specifically, Dr.Web security experts have identified more than 1.3 million TV box devices worldwide that have been infected with this dangerous malware.

Notably, Vo1d has infiltrated devices in over 200 different countries and territories, with hotspots concentrated mainly in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.

Illustration photo.

Vo1d can infiltrate systems and perform multiple malicious activities, causing serious damage to users and allowing attackers to take complete control of devices, researchers said.

This malware campaign mainly targets Android TV box devices. Specifically, the researchers have identified vulnerable versions, including Android 7.1.2: Build R4/NHG47K; Android 12.1: Build TV BOX/NHG47K and Android 10.1: Build KJ-SMART4KVIP/NHG47K.

These Android versions, especially the builds in question, contain security vulnerabilities that hackers have exploited to infiltrate and install the Vo1d malware.

The attack targets core Android system files, including install-recovery.sh, daemonsu, and debuggerd. Depending on the variant of the Vo1d malware, these files are modified or completely replaced to facilitate the malicious code's execution.

The attack exploits system boot scripts to ensure that the Vo1d malware stays active even after a device reboots. The main components of Vo1d, cleverly named 'wd' and 'vo1d', play a crucial role in maintaining the malware's persistence and carrying out its malicious activities.
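
As an added example (not code from Dr.Web or from this article), the following shell functions scan an extracted system partition for the file names reported above: files named wd or vo1d, boot files that reference them, and a debuggerd or daemonsu that has become a script. The function names, finding labels and sample tree are assumptions made for illustration, as is the premise that stock debuggerd and daemonsu are native binaries; a name match is a lead for review, not proof of infection.

```shell
#!/bin/sh
# Added example (not Dr.Web's tooling): triage an extracted Android system
# tree for the file names this article reports. Hits are leads, not proof.

# Print one finding per line for the tree rooted at $1.
vo1d_scan() {
    # Components the article names: files called 'wd' or 'vo1d'.
    find "$1" -type f \( -name wd -o -name vo1d \) 2>/dev/null |
        sed 's/^/component-file: /'
    # Boot-time files the article says are modified or replaced.
    find "$1" -type f \( -name install-recovery.sh -o -name daemonsu \
        -o -name debuggerd \) 2>/dev/null |
    while IFS= read -r f; do
        # A boot file that invokes one of the named components.
        if grep -Eq '(^|[/[:space:]])(wd|vo1d)([[:space:];&]|$)' "$f"; then
            echo "boot-file-references-component: $f"
        fi
        # Assumption: stock debuggerd/daemonsu are native binaries, so a
        # '#!' script under either name means the file was replaced.
        case "${f##*/}" in
            debuggerd|daemonsu)
                if [ "$(head -c 2 "$f" 2>/dev/null)" = '#!' ]; then
                    echo "binary-replaced-by-script: $f"
                fi ;;
        esac
    done
}

# Return 0 if the tree is clean, 1 (after printing findings) otherwise.
vo1d_triage() {
    findings=$(vo1d_scan "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample tree (paths and contents are illustrative only).
make_sample_tree() {
    mkdir -p "$1/bin" "$1/xbin"
    printf '#!/system/bin/sh\n/system/xbin/wd &\n' > "$1/bin/install-recovery.sh"
    printf '#!/system/bin/sh\n/system/xbin/vo1d &\n' > "$1/bin/debuggerd"
    printf 'constructed placeholder\n' > "$1/xbin/wd"
}

# Usage: sh vo1d_triage.sh /path/to/extracted/system
if [ "$#" -gt 0 ]; then vo1d_triage "$1"; fi
```
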

According to Dr.Web experts, once it penetrates the Android TV Box, the Vo1d malware will operate according to a clear division of tasks: Android.Vo1d.1 takes over the initial startup and activation of operations, while Android.Vo1d.3 will take over the control and maintenance of the malware in the system. This allows hackers to remotely control the device at will, turning the device into a tool to perform malicious activities.

Although the exact attack method has not been determined, Dr.Web experts believe that Android streaming devices are frequently targeted because they often run outdated software versions that contain many easily exploited security vulnerabilities.

According to Dr.Web, malware can infiltrate Android TV Box devices through two main routes: one is exploiting security vulnerabilities to gain access to the device; the other is installing unofficial software versions that have been granted access. This represents a serious security risk to users and requires appropriate precautions.

To prevent Vo1d infection, Dr.Web recommends that Android users regularly update their software and disconnect their devices from the internet when not in use. Updating the software will help patch security holes, while disconnecting will limit the possibility of remote attacks.

In addition, users should absolutely not download and install APK (Android Package Kit) files from untrusted sources such as third-party websites. APK files are the file format used to distribute and install applications on the Android operating system. Simply put, an APK file is a "package" that contains all the information and code needed for an application to run on an Android device.

Google told BleepingComputer that the devices that were attacked were not devices running the regular Android TV operating system, but were based on the Android Open Source Project (AOSP). AOSP is a pure version of Android, without built-in Google services and apps. Using AOSP allows manufacturers to deeply customize the operating system, but at the same time opens up more security holes.

Google confirmed that the infected devices were not Play Protect certified Android TV devices. Play Protect certified devices undergo rigorous security and compatibility testing to ensure a safe user experience.

A TV box is a compact device, usually in the shape of a box, connected to the TV via an HDMI port. This device helps turn a regular TV into a Smart TV. The TV box is considered one of the more useful technological inventions because it can make any TV, whether new or old, smarter and more convenient. Instead of having to spend a large amount of money to buy a Smart TV, many people choose to spend a few million VND to invest in a TV box.

According to BleepingComputer