More than a million TV streaming boxes running older versions of Android are currently infected with malware which could allow hackers to take over the devices, experts have warned.
Cybersecurity researchers from Dr.Web recently discovered 1.3 million TV streaming boxes, powered by the Android Open Source Project, infected with a piece of malware called Vo1d.
While the malware was said to grant the attackers total control over the infected instances, the researchers didn’t discuss what they were actually used for. We can make an educated guess that they’re being added to a botnet, to be used for DDoS attacks. They can also be used as a way into the wider network, or as a way to install ad-serving apps.
Messing with the firmware
The victims are scattered all over the world, with the majority are located in Brazil, Morocco, Pakistan, Saudi ARabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria, and Indonesia.
One thing they all have in common is running an older variant of Android: Android 7.1.2; R4 Build/NHG47K, Android 12.1; TV BOX Build/NHG47K, and Android 10.1; KJ-SMART4KVIP Build/NHG47K.
The researchers also don’t know how these devices ended up being compromised in the first place, but they suspect firmware tampering.
“One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges,” Dr.Web noted. “Another possible vector could be the use of unofficial firmware versions with built-in root access.”
Reaching out to BleepingComputer, a Google representative pointed out that these devices are off-brand and not Play Protect certified Android devices.
“If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results,” they said. “Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners.”
To remain secure, it would be best not to download shady TV boxes, keep your devices’ firmware up to date, and only install apps from vetted sources.
Via BleepingComputer