Vo1d malware infects 1.3 million Android streaming boxes worldwide

A new backdoor malware, Vo1d, has infected over 1.3 million TV streaming boxes running Android, allowing attackers to take full control of the devices. According to a report by Dr.Web, researchers detected the malware in more than 200 countries, with the largest numbers found in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.

The infected devices run various versions of Android firmware, including Android 7.1.2, Android 12.1, and Android 10.1. The Vo1d malware modifies the device’s startup scripts to persist and launch itself on boot.

The malware’s main functionality is concealed in its vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3) components, which operate together. The malware can download and run executables when commanded by a command-and-control server, and it can also monitor specified directories to install APK files.

While the exact method of compromise is unknown, researchers believe that outdated, vulnerable software makes Android streaming devices an attractive target. To prevent infection, it’s essential to keep firmware up to date, disconnect devices from the internet if they’re being remotely exploited, and avoid installing APKs from third-party sites.

A list of indicators of compromise (IOCs) for the Vo1d malware campaign is available on Dr.Web’s GitHub page.
Source: https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-streaming-boxes/