Read Time:1 Minute, 45 Second
Android TV boxes have become increasingly popular for streaming content, apps, and other online services. However, a recent discovery by cybersecurity analysts at Dr. Web reveals that a massive number of these devices have been infected by a backdoor trojan known as Android.Vo1d.
Details of the Malware
Android.Vo1d has affected approximately 1.3 million Android-based TV boxes in 197 countries. It employs advanced techniques to evade detection and establish persistence on the devices. The malware infiltrates the system storage area and modifies crucial files, including install-recovery.sh and daemonsu.
Modus Operandi
Android.Vo1d creates four new files in the device’s file system:
- /system/xbin/vo1d
- /system/xbin/wd
- /system/bin/debuggerd
- /system/bin/debuggerd_real
The malware’s components, “vo1d” and “wd,” are disguised as legitimate system processes. It exploits root access to modify the install-recovery.sh script, ensuring its automatic execution at system startup. This enables the malware to discreetly download and install additional malicious software when instructed by its operators.
Affected Models
The affected Android TV box models include: - R4
- TV BOX
- KJ-SMART4KVIP
Implications
The name “Vo1d” is a deliberate obfuscation, replacing the lowercase “l” in “vold,” a legitimate Android system process. This complex infection strategy demonstrates the evolving sophistication of mobile malware targeting not only smartphones but also smart devices.
Android.Vo1d targets outdated Android versions, particularly Android 7.1, and exploits root access to maintain persistence on devices. The malware’s multiple components and its ability to manipulate system functions pose a significant cybersecurity threat.
Prevention and Mitigation
To protect Android TV boxes from Android.Vo1d and similar malware, it is crucial to: - Keep devices updated with the latest security patches
- Avoid downloading apps from unofficial sources
- Use strong passwords and enable two-factor authentication
- Install a reputable antivirus or anti-malware software
- Exercise caution when connecting devices to public Wi-Fi networks
Conclusion
The infection of over 1.3 million Android TV boxes by Android.Vo1d is a wake-up call for users to prioritize cybersecurity measures. By following the preventive steps outlined above, individuals can protect their devices and sensitive information from such malicious threats.