Experts warn that more than a million TV streaming boxes running older versions of Android are currently infected with malware that could allow hackers to take over the devices.
Cybersecurity researchers from Dr.Web recently discovered that 1.3 million TV streaming boxes powered by the Android Open Source Project were infected with malware called Vo1d.
While the malware would give attackers complete control over the infected instances, the researchers didn’t discuss what it was actually used for. We can make an educated guess that it’s being added to a botnet, to be used for DDoS attacks. It could also be used as a way to compromise the wider network, or as a way to install ad-serving apps.
Tampering with the firmware
The victims are spread all over the world, but most are in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria and Indonesia.
One thing they all have in common is that they run an older version of Android: Android 7.1.2; R4 Build/NHG47K, Android 12.1; TV BOX Build/NHG47K, and Android 10.1; KJ-SMART4KVIP Build/NHG47K.
The researchers also don’t know how the devices were hacked in the first place, but they suspect firmware manipulation.
“A possible infection vector could be an attack by an intermediate malware that exploits vulnerabilities in the operating system to gain root privileges,” Dr.Web noted. “Another possible vector could be the use of unofficial firmware versions with built-in root access.”
A Google representative pointed out that these devices are unbranded and not Play Protect-certified Android devices.
“If a device is not Play Protect certified, Google does not have data on the results of security and compatibility tests,” they said. “Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether a device is built on Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners.”
To stay safe, it’s a good idea to avoid buying dodgy TV boxes, keep your device’s firmware up to date, and only install apps from verified sources.
Via BleepingComputer