New malware discovered infects 1.3 million Android TV boxes.
Recently, the Russian security company Dr.Web discovered a new malware called Vo1d, which has infected 1.3 million Android TV boxes in over 200 countries.
In a recent research report, Dr.Web revealed an alarming finding regarding the widespread infection of the Vo1d malware. Specifically, Dr.Web's security experts identified over 1.3 million TV boxes globally that have been infected with this dangerous malware.
Notably, Vo1d has infiltrated devices in over 200 different countries and territories, with hotspots primarily concentrated in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.

Researchers say Vo1d is capable of infiltrating systems and performing various malicious activities, causing serious damage to users and allowing attackers to gain complete control of devices.
The Android operating system versions targeted in this malware attack campaign primarily focus on Android TV boxes. Specifically, researchers identified vulnerable versions including Android 7.1.2: Build R4/NHG47K; Android 12.1: TV BOX/NHG47K Build; and Android 10.1: KJ-SMART4KVIP/NHG47K Build.
These versions of Android, particularly the builds mentioned, contain security vulnerabilities that hackers have exploited to infiltrate and install the Vo1d malware.
This attack campaign targets core Android system files, including install-recovery.sh, daemonsu, and debuggerd. Depending on the variant of the Vo1d malware, these files will be modified or completely replaced to facilitate the malware's operation.
This attack campaign exploits system boot scripts to ensure the Vo1d malware remains active even after the device restarts. The key components of Vo1d, cleverly named 'wd' and 'vo1d', play a crucial role in maintaining the malware's persistence and carrying out its malicious activities.
According to Dr.Web experts, once it infiltrates an Android TV Box, the Vo1d malware operates according to a clear task assignment mechanism: Android.Vo1d.1 handles initial startup and activation, while Android.Vo1d.3 takes over control and maintains the malware's presence within the system. This allows hackers to remotely control the device at will, turning it into a tool for malicious activities.
Although the exact method of attack has not been determined, Dr.Web experts believe that Android streaming devices are often targeted because they typically run outdated software versions containing numerous security vulnerabilities that are easily exploited.
According to Dr.Web, Android TV Box devices can be compromised by malware through two main channels: exploiting security vulnerabilities to gain access to the device, and installing unofficial software versions that have already been granted access. This indicates a serious security risk for users and requires appropriate preventative measures.
To prevent Vo1d infection, Dr.Web recommends that Android users regularly update their software and disconnect their devices from the internet when not in use. Software updates will help patch security vulnerabilities, while disconnecting will limit the possibility of remote attacks.
Furthermore, users should absolutely avoid downloading and installing APK (Android Package Kit) files from unreliable sources such as third-party websites. APK files are a file format used to distribute and install applications on the Android operating system. Simply put, an APK file is a "package" containing all the necessary information and code for an application to run on an Android device.
Speaking to BleepingComputer, Google stated that the compromised devices were not running the standard Android TV operating system, but rather those based on the Android Open Source Project (AOSP). AOSP is a stock version of Android, without built-in Google services and applications. Using AOSP allows manufacturers to deeply customize the operating system, but it also opens up more security vulnerabilities.
Google asserts that the devices infected with the virus are not Android TV devices certified by Play Protect. Play Protect-certified devices have undergone rigorous security and compatibility testing, ensuring a safe user experience.
A TV box is a compact device, usually box-shaped, that connects to a TV via an HDMI port. This device transforms a regular TV into a Smart TV. TV boxes are considered one of the most useful technological inventions, as they can make all TVs, new or old, smarter and more convenient. Instead of spending a large sum of money on a Smart TV, many people choose to invest a few million VND in a TV box.


