Beware of Vo1d, the new malware has already infected more than a million AOSP Android TV boxes

A wave of malware infections is hitting Android devices dedicated to video streaming in several parts of the world. The details of the threat were disclosed by security researchers from Dr.Web, who state that the new cyber threat is called Vo1d and has already infected more than 1.3 million streaming boxes based on the Android Open Source Project (AOSP) operating system.

The attack quickly spread to over 200 countries, with particularly high concentrations in Brazil, Morocco, Pakistan, Saudi Arabia and Russia. Other heavily affected nations include Argentina, Ecuador, Tunisia, Malaysia, Algeria and Indonesia. At the time of writing, there are no cases registered in Italy, but the situation could evolve, as it often does in these cases. The malware uses various techniques to ensure its persistence on compromised devices: for example, critical system files such as “install-recovery.sh”, “daemon” and “debuggerd”, startup scripts commonly found in Android systems, are modified or replaced so that the malware activates automatically at each device reboot.

Vo1d, a new malware targets TV boxes with Android AOSP

The firmware versions currently targeted are Android 7.1.2 R4 Build/NHG47K; Android 12.1 TV BOX Build/NHG47K and Android 10.1 KJ-SMART4KVIP Build/NHG47K. The main components of the malware are hidden in the “vo1d” and “wd” files, which give the threat its name. These modules work in tandem to execute the malicious functionality: the first (specifically Android.Vo1d.1) implements the main functionality of the malware; the second (Android.Vo1d.3) launches and controls its activity, restarting the process if necessary. It can also download and execute files (such as the Android.Vo1d.5 daemon, which is stored encrypted inside it) when requested by the C&C server that controls its operations.
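The two observable traits the article gives a defender are the tampered startup files (install-recovery.sh, daemon, debuggerd) and the dropped module names (vo1d, wd). The following is an added example, not code from Dr.Web or from the original article: a small integrity check that hashes those startup files in a known-clean copy of the system tree, then rescans a suspect copy (for instance one pulled from a device) and reports modified, missing or suspiciously named files. The directory layout (`bin/...`), the file contents and the "tampered" copy are all constructed here for the demonstration; the real known-good hashes must be taken from a clean firmware image of the same build.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Startup files the article says Vo1d modifies or replaces for persistence.
WATCHED_FILES = ["install-recovery.sh", "daemon", "debuggerd"]
# File names carrying the malware's main modules, per the Dr.Web description.
SUSPECT_NAMES = {"vo1d", "wd"}


def sha256_of(path):
    """Stream a file through SHA-256 and return the hex digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Hash every watched file under a trusted (clean) system tree."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name in WATCHED_FILES:
                full = os.path.join(dirpath, name)
                manifest[os.path.relpath(full, root)] = sha256_of(full)
    return manifest


def scan(root, manifest):
    """Compare a suspect tree against the manifest.

    Returns a sorted list of (finding, relative_path) tuples:
    'modified' for a watched file whose hash changed, 'missing' for a
    watched file that disappeared, 'suspect_file' for vo1d/wd names.
    """
    findings = []
    seen = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            if name in SUSPECT_NAMES:
                findings.append(("suspect_file", rel))
            if rel in manifest:
                seen.add(rel)
                if sha256_of(full) != manifest[rel]:
                    findings.append(("modified", rel))
    for rel in manifest:
        if rel not in seen:
            findings.append(("missing", rel))
    return sorted(findings)


def _write(root, rel, data):
    p = Path(root) / rel
    p.parent.mkdir(parents=True, exist_ok=True)
    p.write_bytes(data)


def demo():
    """Constructed example: a clean tree and a tampered copy of it.

    The layout and file bodies are stand-ins, not real firmware content.
    """
    clean = tempfile.mkdtemp(prefix="clean_")
    suspect = tempfile.mkdtemp(prefix="suspect_")
    sample = {
        "bin/install-recovery.sh": b"#!/system/bin/sh\n# stock recovery hook\n",
        "bin/daemon": b"stub-daemon-binary",
        "bin/debuggerd": b"stub-debuggerd-binary",
    }
    for rel, data in sample.items():
        _write(clean, rel, data)
        _write(suspect, rel, data)
    manifest = build_manifest(clean)
    # Simulate what the article describes: the startup script is altered
    # and the two module files appear next to it.
    _write(suspect, "bin/install-recovery.sh",
           sample["bin/install-recovery.sh"] + b"echo tampered\n")
    _write(suspect, "bin/vo1d", b"constructed-module-stand-in")
    _write(suspect, "bin/wd", b"constructed-watchdog-stand-in")
    return scan(clean, manifest), scan(suspect, manifest)


if __name__ == "__main__":
    clean_findings, suspect_findings = demo()
    print("clean tree:", clean_findings)
    print("suspect tree:", suspect_findings)
```

On a real device the same `build_manifest`/`scan` pair would be run over a clean image of the matching build and over a copy of the device's system partition; a hash mismatch on any of the three startup files, or the presence of files named vo1d or wd, is the signal worth investigating before deciding whether to reflash.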

While the exact method of initial infection is not yet clear, researchers hypothesize two possible attack vectors. The first involves an intermediate malware that exploits vulnerabilities in the operating system to obtain root privileges; the second involves unofficial firmware versions with root access already built in.

Experts point out that Android streaming devices are particularly vulnerable because they often run outdated software and users don’t bother keeping them updated. To protect against this threat, users should regularly check for firmware updates and install them promptly; it is also advisable to disconnect these devices from the internet when not in use, to avoid possible remote compromise through exposed services. Another essential precaution is to avoid installing Android apps from unofficial sources, as APKs from third-party sites are a common vehicle for spreading malware.

Google has clarified to BleepingComputer that the infected devices are not running the official version of Android TV but use customized versions based on AOSP. The company stressed the importance of using Play Protect certified devices, which are unlikely to encounter issues of this type as they undergo rigorous security and compatibility tests.

Source: smarthome.hwupgrade.it