A new malware infection known as AndroidVo1d, also referred to as Vo1d, has affected approximately 1.3 million Android-based TV boxes in 197 countries [2] [3] [4], with a majority of infections detected in countries like Brazil [1] [2], Morocco [1] [2] [3] [4], Pakistan [1] [2] [3], Saudi Arabia [3], and Russia [3] [4].

Description

AndroidVo1d [3] [4] [5] is a sophisticated backdoor [3] that was first discovered in August 2024. It specifically targets TV models such as R4 (Android 7.1.2) and KJ-SMART4KVIP (Android 10.1). The malware disguises itself by altering system files and uses root access to persist and to relaunch automatically after a reboot [3]. It communicates with a command-and-control server to download and execute files [2], and one of its components is disguised as a system program to evade detection [1].

The infection involves changes to system files such as vo1d [4], wd [4], debuggerd [4], and install-recovery.sh [4], and the malware anchors itself in the system by modifying files such as daemonsu and debuggerd. The main components of AndroidVo1d, vo1d and wd [4], work together to download and run executables [4].

Infected devices have been found in countries such as Brazil [3] [4], Morocco [1] [2] [3] [4], Pakistan [1] [2] [3], Saudi Arabia [3], and Russia. TV boxes are targeted because they run outdated Android versions with unpatched vulnerabilities [4].
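A triage check for the file changes listed above, as an added example that is not taken from the cited reports: it walks an extracted copy of a device's system partition and flags the file names the article mentions. The sample directory layout, the ELF-header check, and the boot-script token match are assumptions of this example.

```python
import os
import tempfile

DROPPED = {"vo1d", "wd"}  # component names given in the article
ALTERED = {"debuggerd", "daemonsu", "install-recovery.sh"}  # stock files it modifies

def triage(root):
    """Walk an extracted system tree; return sorted (relative_path, reason) findings."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if not os.path.isfile(path):  # skip broken symlinks in the dump
                continue
            if name in DROPPED:
                findings.append((rel, "file name matches a Vo1d component"))
            elif name in ALTERED:
                with open(path, "rb") as fh:
                    data = fh.read(65536)
                if name == "install-recovery.sh":
                    # Assumption: a tampered boot script names a dropped component.
                    tokens = set(data.replace(b"/", b" ").split())
                    if tokens & {n.encode() for n in DROPPED}:
                        findings.append((rel, "boot script references vo1d/wd"))
                elif not data.startswith(b"\x7fELF"):
                    # Assumption: the stock file is an ELF binary, so anything
                    # else here suggests it was replaced.
                    findings.append((rel, "expected ELF binary, found other content"))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; paths and contents are illustrative only."""
    files = {
        "bin/debuggerd": b"#!/system/bin/sh\n",
        "bin/toolbox": b"\x7fELF\x01",
        "bin/wd": b"\x7fELF\x01",
        "etc/install-recovery.sh": b"#!/system/bin/sh\n/system/bin/wd &\n",
    }
    for rel, content in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in triage(tmp):
            print(f"{rel}: {reason}")
```

A hit is a reason to inspect the file by hand, not a verdict: legitimately rooted devices also ship a daemonsu binary, and file names alone do not identify a sample.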

Conclusion

The global impact of Vo1d highlights the need for collaborative efforts among cybersecurity experts [5], antivirus vendors [5], and end-users to effectively combat such threats. It is crucial for users to update their devices regularly and be cautious of suspicious activities to prevent malware infections like AndroidVo1d from causing further harm.

References

[1] https://articlesmart.org/new-vo1d-malware-infects-1-3-million-android-tv-boxes-worldwide/
[2] https://thehackernews.com/2024/09/beware-new-vo1d-malware-infects-13.html
[3] https://securityonline.info/massive-android-tv-box-infection-over-1-3-million-devices-compromised-by-android-vo1d/
[4] https://news.drweb.com/show/?i=14900&lng=en
[5] https://www.krofeksecurity.com/warning-vo1d-malware-rampant-in-1-3m-android-tv-boxes-globally/