New malware discovered infecting 1.3 million Android TV boxes

In a recent research report, Dr.Web has made an alarming discovery about the widespread infection of Vo1d malware. Specifically, Dr.Web security experts have identified more than 1.3 million TV box devices worldwide that have been infected with this dangerous malware.

Notably, Vo1d has infiltrated devices in more than 200 different countries and territories, with hotspots concentrated mainly in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.

Researchers said Vo1d is capable of infiltrating systems and performing multiple malicious activities, causing serious damage to users, allowing attackers to take complete control of devices.

The Android OS versions targeted in this malware campaign primarily target Android TV boxes. Specifically, the researchers identified vulnerable versions, including Android 7.1.2: Build R4/NHG47K; Android 12.1: Build TV BOX/NHG47K, and Android 10.1: Build KJ-SMART4KVIP/NHG47K.

These Android versions, especially the builds in question, contained security vulnerabilities that hackers exploited to infiltrate and install the Vo1d malware.

The attack targets core Android system files, including install-recovery.sh, daemonsu, and debuggerd. Depending on the variant of the Vo1d malware, these files are modified or completely replaced to facilitate the malicious code's execution.

The campaign exploits system boot scripts to ensure that the Vo1d malware stays active even when the device is rebooted. The main components of Vo1d, cleverly named 'wd' and 'vo1d', play a crucial role in maintaining the malware's persistence and carrying out its malicious activities.

According to Dr.Web experts, once it penetrates the Android TV Box, the Vo1d malware will operate according to a clear division of tasks: Android.Vo1d.1 will take over the initial startup and activation of operations, while Android.Vo1d.3 will take over the control and maintain the existence of the malware in the system. This allows hackers to remotely control the device at will, turning the device into a tool to perform malicious activities.

Although the exact attack method has not been determined, Dr.Web experts believe that Android streaming devices are often targeted because they often run outdated software versions that contain many security vulnerabilities that are easily exploited.

According to Dr.Web, Android TV Box devices can be compromised by malware through two main routes, one is exploiting security vulnerabilities to gain access to the device, the other is installing unofficial software versions that have been granted access. This represents a serious security risk to users and requires appropriate precautions.

To prevent Vo1d infection, Dr.Web recommends that Android users keep their software up to date and disconnect their devices from the internet when not in use. Updating software will help patch security holes, while disconnecting will limit the possibility of remote attacks.

In addition, users should absolutely not download and install APK (Android Package Kit) files from untrusted sources such as third-party websites. APK files are the file format used to distribute and install applications on the Android operating system. Simply put, an APK file is a "package" that contains all the information and code needed for an application to run on an Android device.

Google told BleepingComputer that the devices that were attacked were not running the regular Android TV operating system, but were instead based on the Android Open Source Project (AOSP). AOSP is a pure version of Android, without built-in Google services and apps. Using AOSP allows manufacturers to deeply customize the operating system, but it also opens up more security holes.

Google confirmed that the infected devices were not Play Protect certified Android TV devices. Play Protect certified devices undergo rigorous security and compatibility testing to ensure a safe user experience.

TV box is a compact device, usually in the shape of a box, connected to the TV via HDMI port. This device helps turn a regular TV into a Smart TV. TV box is considered one of the useful technological inventions when it can turn all TVs, whether new or old, into smarter and more convenient. Instead of having to spend a large amount of money to buy a Smart TV, many people choose to spend a few million VND to invest in a TV box.