Over 1.3 Million Android Devices Infected: Vo1d Malware Campaign Exposed | Black Hat Ethical Hacking



Massive Malware Campaign Targets Over 1.3 Million Android Streaming Devices

Researchers have uncovered a widespread malware campaign that has infected over 1.3 million Android TV streaming boxes across more than 200 countries. The malware, dubbed Vo1d, allows threat actors to take full control of infected devices, posing a serious security risk. Targeted countries include Brazil, Pakistan, Saudi Arabia, Russia, and more.

Geographic distribution of Vo1d-infected TV boxes
Source: Dr.Web

Infection Process

The infection typically occurs due to several key factors, including outdated software, unofficial firmware, and weak network security. Here’s how these devices are compromised:

  1. Exploiting Outdated Android Firmware: Many of the targeted devices are running older versions of Android firmware, such as Android 7.1.2, Android 10.1, and Android 12.1. These versions often contain unpatched vulnerabilities, which cybercriminals exploit to gain root privileges on the device. Root access provides attackers with full administrative control, allowing them to install malware, modify system files, and bypass any built-in security mechanisms.
  2. Unofficial Firmware with Built-in Root Access: Another key factor in the infection is the use of unofficial firmware versions on these devices. Some off-brand TV streaming boxes come preloaded with firmware that includes built-in root access. This makes it much easier for attackers to deploy malware, as they don’t need to find a vulnerability to gain administrative privileges—root access is already available. This leaves the devices highly vulnerable to malware attacks, including the Vo1d backdoor.
  3. Installation of Malicious APKs: One of the most common ways the malware is introduced is through the installation of malicious APK files (Android Package Kit). Users often download APKs from unverified third-party sites, believing them to be legitimate apps. However, these APKs can carry malware, like Vo1d, which exploits system vulnerabilities. Once installed, the malware gains a foothold and takes advantage of the system’s weaknesses to escalate its control over the device.
  4. Network Vulnerabilities and Exposed Services: Many of these streaming devices lack proper security configurations and are exposed to the internet with open services or weak firewalls. This allows attackers to remotely exploit these vulnerabilities, gaining unauthorized access without any direct interaction from the user. In such cases, attackers may launch targeted attacks to install the malware, even if the user has not downloaded any malicious apps.
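
For defenders triaging a TV box against factors 1, 2 and 4 above, the following added example (not code from the article or from Dr.Web) flags those exposure conditions from `adb shell getprop` output and a file listing. The property names are standard Android system properties, the su paths and sample inputs are constructed assumptions, and the check reports exposure only; it does not detect Vo1d itself.

```python
import re

# Firmware releases the article names as targeted.
TARGETED_RELEASES = {"7.1.2", "10.1", "12.1"}
# Conventional su locations on rooted builds (assumption; not Vo1d indicators).
SU_PATHS = ("/system/bin/su", "/system/xbin/su", "/sbin/su")

def parse_getprop(text):
    """Parse `adb shell getprop` lines of the form "[key]: [value]"."""
    return dict(re.findall(r"^\[([^\]]+)\]: \[(.*)\]$", text, re.MULTILINE))

def risk_factors(getprop_text, file_listing):
    """Return the exposure factors from the list above that apply to one device."""
    props = parse_getprop(getprop_text)
    files = set(file_listing.split())
    findings = []
    release = props.get("ro.build.version.release", "")
    if release in TARGETED_RELEASES:
        findings.append(f"firmware release {release} is one the campaign targets")
    if "test-keys" in props.get("ro.build.tags", ""):
        findings.append("build signed with test-keys (non-release firmware)")
    if props.get("ro.debuggable") == "1" or props.get("ro.secure") == "0":
        findings.append("debuggable/insecure build: adbd can run as root")
    su = sorted(files.intersection(SU_PATHS))
    if su:
        findings.append("su binary present: " + ", ".join(su))
    port = props.get("service.adb.tcp.port", "")
    if port.isdigit() and int(port) > 0:
        findings.append(f"ADB listening on TCP port {port}")
    return findings

# Constructed sample input, not captured from a real device.
SAMPLE_GETPROP = """\
[ro.build.version.release]: [7.1.2]
[ro.build.tags]: [test-keys]
[ro.debuggable]: [1]
[ro.secure]: [0]
[service.adb.tcp.port]: [5555]
"""
SAMPLE_FILES = "/system/bin/sh\n/system/xbin/su\n/system/bin/toybox\n"

if __name__ == "__main__":
    for finding in risk_factors(SAMPLE_GETPROP, SAMPLE_FILES):
        print("[!]", finding)
```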

