Doctor Web researchers still don't know the cause of a recently discovered malware infection affecting nearly 1.3 million Android streaming devices in nearly 200 countries.
The security company Doctor Web reported on Thursday that malware named Android.Vo1d has hit Android devices by placing malicious components in their system storage. From there, they can be updated with additional malware at any time by command-and-control servers. Google representatives said the infected devices run operating systems based on the Android Open Source Project, a version overseen by Google but distinct from Android TV, a proprietary version restricted to licensed device makers.
Although Doctor Web has a thorough understanding of Vo1d and its extraordinary reach, the company's researchers report that they have not yet determined the attack vector that led to the infections.
"For now, the source of the contamination of the TV boxes remains unknown," said Thursday's publication.
"A possible infection vector could be an attack from a malware middleware that exploits operating system vulnerabilities to gain root privileges. Another possible driver could be the use of unofficial firmware versions with built-in root access."
The device models infected by Vo1d are:
TV box model | Declared firmware version |
---|---|
R4 | Android 7.1.2; R4 Build/NHG47K |
TV BOX | Android 12.1; TV BOX Build/NHG47K |
KJ-SMART4KVIP | Android 10.1; KJ-SMART4KVIP Build/NHG47K |
A possible cause of infections is that devices are running old Android versions that are vulnerable to exploits.
Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively.
Old devices need attention and replacement!!!