Android streaming boxes compromised by the new Vo1d malware

September 18, 2024

The newly discovered Vo1d malware campaign has infected over 1.3 million Android TV streaming boxes. Based on reports, this new backdoor spyware campaign allowed its operators to have complete control over the compromised devices.

The Android Open-Source Project (AOSP) is Google’s open-source mobile, streaming, and IoT operating system.

According to a new analysis, researchers discovered 1.3 million devices infected with malware in over 200 countries. The confirmed countries with the highest number of infections were Indonesia, Malaysia, Russia, Pakistan, Saudi Arabia, Morocco, Algeria, Tunisia, Ecuador, Brazil, and Argentina.

The Vo1d malware operators change the attack process depending on the deployed strain.

Investigations revealed that, depending on which version of Vo1d is deployed, the campaign modifies install-recovery.sh or daemonsu, or replaces the debugged operating-system files. Researchers noted that all of these are standard Android startup scripts.

The malware campaign uses these scripts to establish persistence and activate the Vo1d malware when the device starts. In addition, the analysis showed that Vo1d’s essential functionality is hidden in its vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3) components, which work hand-in-hand.
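Because persistence here rests on modified startup scripts, the practical check is to compare the scripts pulled from a device against a known-good baseline taken from clean firmware. The following is an added defender-side example, not code from the report or from any vendor tool; the script paths, file contents and hashes are constructed assumptions for illustration.

```python
"""Integrity check for the Android startup scripts that Vo1d modifies
for persistence (install-recovery.sh, daemonsu).

Hypothetical defender tooling: compare scripts copied off a device with
a baseline captured from clean firmware and report any file whose hash
or content differs. All paths and file contents below are constructed.
"""
import hashlib
from typing import Dict, List

# Startup scripts named in the report; locations are assumed, not taken from it.
STARTUP_SCRIPTS = ["/system/bin/install-recovery.sh", "/system/etc/init.d/daemonsu"]


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def audit_startup_scripts(device_files: Dict[str, bytes], baseline: Dict[str, bytes]) -> List[str]:
    """Return one finding per startup script that differs from the clean baseline."""
    findings = []
    for path in STARTUP_SCRIPTS:
        clean, current = baseline.get(path), device_files.get(path)
        if current is None:
            continue  # not present on the device: nothing to persist through
        if clean is None:
            findings.append(f"{path}: startup script not present in clean firmware")
            continue
        if sha256(current) == sha256(clean):
            continue
        # Hash differs: report the lines that the baseline does not contain.
        clean_lines = clean.decode(errors="replace").splitlines()
        added = [l for l in current.decode(errors="replace").splitlines()
                 if l.strip() and l not in clean_lines]
        findings.append(f"{path}: hash mismatch; added lines: {added}")
    return findings


# Constructed sample data: a clean baseline, and a device whose scripts
# launch extra binaries from a writable directory at boot.
CLEAN_BASELINE = {
    "/system/bin/install-recovery.sh": b"#!/system/bin/sh\n# flash recovery if needed\n",
}
INFECTED_DEVICE = {
    "/system/bin/install-recovery.sh": b"#!/system/bin/sh\n# flash recovery if needed\n/data/local/tmp/vo1d &\n",
    "/system/etc/init.d/daemonsu": b"#!/system/bin/sh\n/data/local/tmp/wd &\n",
}

if __name__ == "__main__":
    for finding in audit_startup_scripts(INFECTED_DEVICE, CLEAN_BASELINE):
        print(finding)
```

On a real device the `device_files` mapping would be filled by copying the scripts off with `adb pull`; the baseline comes from an unmodified firmware image of the same model.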

The Android.Vo1d.1 module oversees Android.Vo1d.3: it launches and controls its activities, restarting the process if necessary. Furthermore, it may download and run executables when instructed by the command-and-control server.

In turn, the Android.Vo1d.3 module installs and starts the Android.Vo1d.5 daemon, which is encrypted and saved in its body. This module can also download and run executable files. Furthermore, it monitors defined directories and installs any APK files.

The researchers do not know how the Android streaming devices are infected, but some suspect they are targeted because they frequently run older software containing bugs. The most plausible infection channel identified so far is an attack by intermediary malware that leverages OS vulnerabilities to obtain root privileges.

To avoid infection with this malware, Android users should check for and install new firmware updates as soon as they become available. Lastly, users should keep these devices off the open internet so that they cannot be attacked remotely through exposed services.
