1.3 Million Android TV Boxes Infected with Vo1d Malware

The malware exploits outdated software and unofficial firmware, impacting devices in nearly 200 countries.

Security researchers from Dr. Web discovered the Vo1d malware infects Android-based TV boxes, not certified by Google Play Protect.
The malware installs a backdoor, allowing attackers to download and install additional malicious applications.
Vo1d uses scripts like install-recovery.sh and daemonsu for persistence, enabling it to survive reboots and maintain control over devices.
Infected devices are primarily running outdated versions of the Android Open Source Project (AOSP) firmware, making them vulnerable.
The largest number of infections have been detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, and several other countries.