Overview
- Security researchers from Dr. Web discovered that the Vo1d malware infects Android-based TV boxes that are not certified by Google Play Protect.
- The malware installs a backdoor, allowing attackers to download and install additional malicious applications.
- Vo1d uses scripts like install-recovery.sh and daemonsu for persistence, enabling it to survive reboots and maintain control over devices.
- Infected devices are primarily running outdated versions of the Android Open Source Project (AOSP) firmware, making them vulnerable.
- The largest number of infections has been detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, and several other countries.
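
Because the persistence described above relies on boot scripts such as install-recovery.sh, one practical check is to compare the copy pulled from a device with the copy in the vendor's stock firmware image and list every executable that only the device copy launches. The following is an added example, not code from Dr. Web or from the original page; the function names, file contents and paths are constructed for illustration.

```python
import shlex

# Words that can begin a shell line without naming an executable to launch.
SHELL_KEYWORDS = {"if", "then", "else", "elif", "fi", "for", "while", "do",
                  "done", "case", "esac", "exit", "return", "export",
                  "{", "}", "[", "[["}


def launched_commands(script_text):
    """Yield (line_no, command) for each line whose first word is an executable."""
    for line_no, raw in enumerate(script_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            words = shlex.split(line, comments=True)
        except ValueError:  # unbalanced quotes: fall back to a plain split
            words = line.split()
        # Skip leading VAR=value assignments such as "PATH=/x cmd".
        while words and "=" in words[0] and not words[0].startswith(("/", ".")):
            words = words[1:]
        if words and words[0] not in SHELL_KEYWORDS:
            yield line_no, words[0]


def added_launches(stock_text, device_text):
    """Return launches present in the device copy but absent from the stock copy."""
    known = {cmd for _, cmd in launched_commands(stock_text)}
    return [(n, cmd) for n, cmd in launched_commands(device_text)
            if cmd not in known]


# Constructed sample data (not taken from any real device or report).
STOCK = """#!/system/bin/sh
# stock copy from the vendor firmware image
if [ -f /system/etc/recovery-resource.dat ]; then
  /system/bin/applypatch -c EMMC:/dev/block/recovery
fi
"""
DEVICE = STOCK + """/system/xbin/example_helper &
/system/bin/applypatch -c EMMC:/dev/block/recovery
PATH=/data/local /data/local/tmp/placeholder.bin --daemon
"""

if __name__ == "__main__":
    for line_no, cmd in added_launches(STOCK, DEVICE):
        print(f"line {line_no}: launches {cmd} (absent from stock script)")
```

The check only inspects the first command on each line, so it is a triage aid for spotting added autostart entries, not a full shell parser.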