Android TV Boxes Infected With Vo1d Malware

On Thursday, security experts from Doctor Web revealed the discovery of a new Android-based malware, dubbed Android.Vo1d, which has infected nearly 1.3 million devices across 197 countries.

The malware primarily targets streaming TV boxes, utilizing vulnerabilities in outdated Android versions. According to Doctor Web, the infection has spread widely, with the largest number of cases being detected in countries such as Brazil, Morocco, and Russia.

The Android.Vo1d malware acts as a backdoor, embedding itself within the system storage area of affected devices. Once in place, it allows attackers to remotely command the device, installing third-party software without the user’s knowledge.

The Hacker News (THN) notes that the source of the infection remains unknown, but it is suspected to be related to either compromised devices or the use of unofficial firmware. The malware is known to replace the “debuggerd” daemon file and introduce new files containing malicious code.

Forbes reports that the malware is particularly persistent, running scripts that enable it to survive reboots and continue its malicious activities.

The attack does not target Android TV devices specifically, but focuses on off-brand streaming boxes running older versions of the Android Open Source Project (AOSP), as noted by Forbes.

One reason for the widespread infection is that many TV boxes run on outdated Android versions, which are more vulnerable to attacks due to unpatched vulnerabilities. These older versions are often used by budget device manufacturers to make their products more attractive.

Users of TV boxes may mistakenly believe these devices are better protected than smartphones, leading them to neglect installing anti-virus software or downloading unofficial firmware. This can increase their risk of infection, as noted by Forbes.

Google has confirmed that the infected TV models were not Play Protect certified, meaning they did not undergo rigorous security testing. The company advises users to only purchase devices that are Play Protect certified to ensure their safety, as reported by TNH.

It is important for users to keep their devices updated with the latest security patches and avoid downloading apps from untrusted sources. Installing anti-virus software can also help protect against malware infections.