September 14th, 2024

1.3M Android-Based TV Boxes Backdoored; Researchers Still Don't Know How

Researchers found Android.Vo1d malware infecting 1.3 million Android TV boxes globally, exploiting outdated systems. The source is unknown, with significant infections in Brazil, Morocco, and Russia.

Researchers have identified a malware infection affecting approximately 1.3 million Android-based TV boxes across nearly 200 countries. The malware, named Android.Vo1d, has compromised these devices by embedding malicious components in their system storage, allowing for future updates with additional malware. The security firm Doctor Web reported that the source of the infection remains unknown, although potential vectors include vulnerabilities in the operating system or the use of unofficial firmware. Infected devices are primarily running outdated versions of Android, which are more susceptible to exploits. Google noted that these devices are not Play Protect certified, meaning they lack the security and compatibility testing that certified devices undergo. The malware operates by modifying critical system files to ensure its persistence and can connect to an attacker-controlled server to download further malicious components. The geographic spread of infections is extensive, with significant numbers reported in countries such as Brazil, Morocco, and Russia. Doctor Web's antivirus software can detect and disinfect these infections, but users may need to install malware scanners to identify compromised devices.

- 1.3 million Android TV boxes infected with the Android.Vo1d malware.

- The source of the infection is still undetermined, with potential vectors including OS vulnerabilities and unofficial firmware.

- Infected devices are often running outdated Android versions, increasing their vulnerability.

- The malware modifies system files to maintain persistence and connect to attacker-controlled servers.

- Significant infection rates reported in countries like Brazil, Morocco, and Russia.

6 comments
By @seam_carver - 5 months
Be careful of Android boxes for the TV that are only running plain Android or AOSP. Get one with AndroidTV or GoogleTV, blessed by Google. I personally use an Onn Box 4K from Walmart.
By @keepamovin - 5 months
Maybe backdoored at the factory
By @fnord77 - 5 months
that's quite a sizable botnet
By @RockRobotRock - 5 months
Nobody cares about hacking home networks. They probably sell them as residential proxy IPs.
By @andrewstuart - 5 months
How do they know how many?