A new malware named Vo1d has infected around 1.3 million Android-based TV boxes, raising concerns for users across 197 countries.
The malware, discovered by Russian antivirus firm Doctor Web, primarily targets older TV models running outdated Android versions. Vo1d, also known as Void, can install third-party software on compromised devices without the user’s consent, creating backdoor vulnerabilities that allow further infections.
Global Spread and Affected Regions
Doctor Web reports that the infection has heavily impacted countries like Brazil, Morocco, Pakistan, Russia, and others, with these regions accounting for the bulk of the compromised devices. Infected devices include popular models like KJ-SMART4KVIP (Android 10.1), R4 (Android 7.1.2), and TV BOX (Android 12.1), which are vulnerable due to outdated software.
How Vo1d Operates
Vo1d exploits system vulnerabilities by replacing the core system file “/system/bin/debuggerd” and installing malicious executables disguised as system components. Once installed, it establishes a persistent connection to a command-and-control (C2) server, enabling remote commands to download more malware or install APK files.
Potential Infection Sources
It is unclear how Vo1d spreads, but compromised devices may have been targeted through existing vulnerabilities, or users might have installed unofficial firmware with built-in root access, making it easier for the malware to take over. The use of older Android versions, especially before 8.0, is a significant factor in the infection, as these versions handle system crashes differently, allowing malware to exploit them.
Dangers of Infected Android TV Boxes
Vo1d is the latest in a series of infections targeting “stock” Android TV boxes, especially those that run older or modified versions of the Android OS. These devices, often marketed at budget prices, are more vulnerable to such attacks due to their outdated software and lack of security patches.
Google’s Response: Play Protect Certification
Google clarified that the affected devices were not Play Protect certified, meaning they didn’t meet Google’s security standards. Google advises users to check for Play Protect certification to ensure device security and urges manufacturers to adopt the latest firmware updates to protect against known vulnerabilities.
Risks of Budget Android TV Boxes
Budget Android TV boxes frequently run outdated software, leaving users exposed to malware like Vo1d. These manufacturers often mislead customers by using older software disguised as newer versions. As a result, the devices lack essential security patches, making them easy targets for cyberattacks.
How Users Can Protect Themselves
To protect against malware like Vo1d, users should:
- Purchase Play Protect certified Android devices.
- Regularly update their firmware.
- Avoid installing unofficial firmware or rooting their devices unnecessarily.
- Use reliable antivirus software and a VPN for added security.
IPTV for Seniors: A Beginner’s Guide
Final Thoughts
Users of stock Android TV boxes should take proactive steps to secure their devices, such as using a VPN and ensuring their devices are Play Protect certified. It’s vital to consider purchasing devices from reputable manufacturers like Google or MECOOL to avoid security risks.
Stay informed with the latest streaming news and cord-cutting tips by subscribing to the TROYPOINT Advisor.
How to Choose the Best IPTV Service?
