Doctor Web said that hackers used the Android.Vo1d malware to install a backdoor on TV boxes, allowing them to take full control of the device and later download and install other malicious applications. These TV boxes run an outdated Android operating system.
Importantly, Vo1d is not aimed at devices running Android TV, but at set-top boxes running older versions of Android based on the Android Open Source Project. Android TV is only available to licensed device manufacturers.
Doctor Web experts have yet to determine how the hackers installed the backdoor on the TV boxes. They speculate that the attackers may have used a malicious intermediary, exploited an operating system vulnerability to gain privileges, or used unofficial firmware with the highest level of access (root).
Another reason could be that the device is running an outdated operating system with remotely exploitable vulnerabilities. For example, versions 7.1, 10.1, and 12.1 were released in 2016, 2019, and 2022, respectively. It is not uncommon for low-end manufacturers to install an older operating system on a TV box but disguise it as a modern model to attract customers.
Additionally, any manufacturer can modify the open source versions, so devices can be infected with malware in the supply chain and compromised before reaching customers.
A Google representative confirmed that the devices found to have the backdoor were not Play Protect certified. Google therefore has no security profile or compatibility test results for them.
Play Protect certified Android devices undergo extensive testing to ensure quality and user safety.
Doctor Web said there are a dozen Vo1d variants that use different code and implant the malware in different storage areas, but all have the same result: they connect the device to the hackers' C&C server and install components that later install additional malware when commanded.
Cases are spread across the globe but are most concentrated in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria and Indonesia.
(According to Forbes)
Source: https://vietnamnet.vn/1-3-trieu-android-tv-box-tai-197-quoc-gia-bi-cai-cua-hau-2322223.html