Nearly 1.3 million Android-based TV boxes worldwide have been infected with new malware called Vo1d.
This malware acts as a backdoor, allowing attackers to secretly install third-party software on the infected devices. The majority of infections have been reported in Brazil, Morocco, Pakistan, Saudi Arabia, Argentina, Russia, Tunisia, Ecuador, Malaysia, Algeria, and Indonesia.
The source of the infection is still unknown, but compromised root privileges or the use of unofficial firmware versions with built-in root access are suspected to have contributed.
Specific TV box models targeted in the campaign include KJ-SMART4KVIP, R4, and TV BOX. The malware replaces system files and introduces new malicious files to perform its operations.
Google notes in its Android documentation that the malware modifies system files to execute malicious code on the infected devices.
The malware authors disguised one component as a system program to evade detection. The malware is capable of executing commands from a remote server, downloading and running executables, and installing APK files found in specific directories.
It is common for budget device manufacturers to use outdated operating system versions to attract customers, according to Doctor Web, the Russian antivirus vendor.