Over a million Android TV streaming boxes infected by Vo1d malware (original) (raw)
Published Sep 13th, 2024 6:23PM EDT
Even if you are an iPhone user, there’s a solid chance you have an Android device somewhere in your house. If the device happens to be an Android TV streaming box, you should check and make sure it’s not infected with dangerous malware.
According to a report from antivirus provider Dr.Web, a new malware dubbed Android.Vo1d has been making the rounds lately. To date, the malware has infected around 1.3 million Android TV boxes in 197 countries, including Brazil, Morocco, and Pakistan.
Impacted users have reported unexpected changes in the device’s system files to Dr.Web on the following Android TV boxes and firmware versions:
- R4: Android 7.1.2; R4 Build/NHG47K
- TV BOX: Android 12.1; TV BOX Build/NHG47K
- KJ-SMART4KVIP: Android 10.1; KJ-SMART4KVIP Build/NHG47K
“The Android.Vo1d.1 module is responsible for Android.Vo1d.3’s launch and controls its activity, restarting its process if necessary,” Doctor Web explains. “In addition, it can download and run executables when commanded to do so by the C&C server. In turn, the Android.Vo1d.3 module installs and launches the Android.Vo1d.5 daemon that is encrypted and stored in its body. This module can also download and run executables. Moreover, it monitors specified directories and installs the APK files that it finds in them.”
Tech. Entertainment. Science. Your inbox.
Sign up for the most interesting tech & entertainment news out there.
By signing up, I agree to the Terms of Use and have reviewed the Privacy Notice.
The report says that the source of the backdoor infection is currently unknown, but hackers are likely targeting these devices because they frequently use outdated versions of Android. And as a result, they haven’t always been updated with the latest security patches. A streaming TV box might not contain the same sensitive data as a phone or computer, but you should still do your best to ensure it’s up to date with the latest software.
UPDATE: 9/14 | A Google spokesperson provided the following quote regarding Vo1d malware: “These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified.”
Jacob Siegal is Associate Editor at BGR, having joined the news team in 2013. He has over a decade of professional writing and editing experience, and helps to lead our technology and entertainment product launch and movie release coverage.