Your browser is not Javascript enable or you have turn it off. We recommend you to activate for better security reason1.3 million Android-based TV boxes affected by new 'Vo1d' malware - FlatpanelsHD

1.3 million Android-based TV boxes affected by new 'Vo1d' malware

17 Sep 2024 | Rasmus Larsen |

Security experts still do not know how the trojan malware got there but say that it has affected 1.3 million Android-based TV boxes across almost 200 countries.

Google is trying to distance itself from the 'Android TV' branding, now preferring 'Google TV', and perhaps for good reason.

Last year, it became clear that over 20 million Chinese Android TV boxes are infected with the 'Badbox' malware.

To be clear: These boxes run AOSP (Android Open Source Project), not Google's certified 'Android TV' or 'Google TV' such as Chromecast and Nvidia Shield. That is the problem; the open nature of AOSP. You can identify these boxes by their modified user interface, which differs from the one mandated by Google for all official 'Android TV' or 'Google TV' devices.


New Android Vo1d malware

As discovered by security firm Doctor Web and reported by Ars Technica, a new malware named Android.Vo1d has been discovered in almost 1.3 Android TV boxes. - "Doctor Web experts have uncovered yet another case of an Android-based TV box infection. The malware, dubbed Android.Vo1d, has infected nearly 1.3 million devices belonging to users in 197 countries. It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software."

In almost 200 countries

The botnet can be modified at any time via a server, adding additional malware to the infected boxes. The largest number of infections were detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria and Indonesia. The boxes are known as the R4, 'TV Box' and KJ-Smart4KVIP, with build name 'NHG47K'. Multiple variants are expected to exist under various names. They run open-source Android version 7, 10 or 12. - "At the moment, the source of the TV boxes’ backdoor infection remains unknown. One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access," said Dr. Web. Google provider the following statement to Ars Technica: - "These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn't Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety." - Source: Dr. Web, Ars Technica
Sign up for FlatpanelsHD's newsletter

The latest news, in-depth articles, reviews, and exclusives in your inbox.

Latest news
SkyShowtime
08 Oct 2024 | Rasmus Larsen |
Smart TV data
08 Oct 2024 | Rasmus Larsen |
Samsung One UI TVs
07 Oct 2024 | Rasmus Larsen |
Sansui OLED TV
03 Oct 2024 | Rasmus Larsen |
Dream Productions
03 Oct 2024 | Rasmus Larsen |
webOS Acer gaming monitor
03 Oct 2024 | Rasmus Larsen |
Xiaomi TV Max 100
02 Oct 2024 | Rasmus Larsen |
Google Home TV
01 Oct 2024 | Rasmus Larsen |