A backdoor malware called “Vo1d” has apparently infected 1.3 million Android TV boxes that use open source versions of the operating system. It allows its creators to remotely control the device and install other malicious components. According to IT security service provider Dr. Web, devices in possibly 197 countries are affected.
According to a report from the Russian IT security service provider Dr. Web, “Vo1d” is widespread specifically in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria and Indonesia. The backdoor malware, whose origin is not yet precisely known, installs its components in the devices' storage, giving its authors remote access to the boxes, which are used to turn a television into an Android-enabled device.
Apparently only open source versions of Android are affected
On command, the device could, for example, secretly download additional malicious software or be misused as part of a larger botnet. Google also commented on the matter at the request of the Bleeping Computer portal and clarified that the affected devices were specifically Android TV boxes running versions of the “Android Open Source Project” (AOSP) operating system.

AOSP has nothing to do with Android TV, the proprietary operating system for Android TV devices, and is not Play Protect certified. In its statement, Google explained that Android TV can only be used by licensed manufacturers and that Google does not have access to security reports and compatibility tests for AOSP devices. For users who want to check the Play Protect certification of their device, Google provides a guide.
Particularly cheaper devices are affected
The fact that “Vo1d” apparently only attacks devices with AOSP software also suggests that cheap, low-quality devices are primarily affected. Manufacturers of such devices often save costs by installing AOSP on them. In addition, these devices often claim a newer Android version than the one that is actually shipped.
Older AOSP versions are also a potential vector that can bring malware to devices, said IT experts from Dr. Web, but nothing is yet known about the exact origin of the malware. According to them, another piece of malware could serve as an intermediary that obtains root privileges on target devices.
The first known affected firmware versions, which affected users reported to Dr. Web, are:
- Android 7.1.2; R4 build/NHG47K
- Android 12.1; TV Box Build/NHG47K
- Android 10.1; KJ-SMART4KVIP Build/NHG47K
Depending on the version, the malware initially changed the install-recovery.sh and daemonsu files, or changed the debuggerd operating system file. These are startup scripts typically found in Android. Several new files also appeared in the folder structure:
- /system/xbin/vo1d
- /system/xbin/wd
- /system/bin/debuggerd
- /system/bin/debuggerd_real
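A defender's check for the artifacts listed above, added here as an example (it is not code from Dr. Web or from the original article): the function looks for the listed paths under a file-system root and for any install-recovery.sh that references the new binaries. The function name, the output wording, and the premise that a tampered startup script names those binaries by path are assumptions.

```shell
#!/bin/sh
# Added example: scan a file-system root for the Vo1d artifacts named in the article.
# ROOT is "/" on the box itself (for instance inside `adb shell`) or the
# directory where an extracted firmware image is mounted.
vo1d_scan() {
    root="${1%/}"        # "/" becomes "", so "$root/system/..." stays valid
    hits=0

    # Files the article lists as newly appearing on infected devices.
    for f in /system/xbin/vo1d /system/xbin/wd /system/bin/debuggerd_real; do
        if [ -e "$root$f" ]; then
            echo "FOUND $f"
            hits=$((hits + 1))
        fi
    done

    # debuggerd is a stock daemon on older Android builds, so on its own it
    # proves nothing; it is reported only when debuggerd_real sits beside it.
    if [ -e "$root/system/bin/debuggerd_real" ] && [ -e "$root/system/bin/debuggerd" ]; then
        echo "SUSPECT /system/bin/debuggerd (debuggerd_real present beside it)"
        hits=$((hits + 1))
    fi

    # Assumption: a tampered startup script mentions the new binaries by path.
    tampered=$(find "$root/system" -name install-recovery.sh \
        -exec grep -l -e '/system/xbin/wd' -e '/system/xbin/vo1d' {} + 2>/dev/null || true)
    if [ -n "$tampered" ]; then
        echo "SUSPECT startup script references a Vo1d binary: $tampered"
        hits=$((hits + 1))
    fi

    [ "$hits" -eq 0 ]    # exit status 0 = clean, 1 = at least one finding
}

# Usage: sh vo1d_scan.sh /path/to/root
if [ "$#" -gt 0 ]; then
    vo1d_scan "$1"
fi
```

A clean result only means these specific files are absent; it says nothing about other variants or about a modified daemonsu, which cannot be judged without a known-good copy.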
The name “Vo1d” is intended to hide the malware
This probably also gave the software its name: “Vo1d” is a barely noticeable alteration of the name of the system program /system/bin/vold.
The Vo1d malware itself is in the files wd and vo1d.
“Vo1d hides its core functionality in the components vo1d (Android.Vo1d.1) and wd (Android.Vo1d.3), which work together,” explains Dr. Web.
The Android.Vo1d.1 module is responsible for starting Android.Vo1d.3 and controls its activity by restarting the process when necessary. In addition, it can download and run executable files when requested by the command and control server.
“Vo1d” allows attackers to download and install APKs
The Android.Vo1d.3 module in turn installs and starts the background program Android.Vo1d.5. This module can also download and execute files. It also monitors specific directories and installs APK files it finds in them.
Android TV boxes are often permanently turned on and connected to the Internet – which also means that the “Vo1d” software can perform the above activities constantly.
Meanwhile, it cannot be ruled out that “Vo1d” could reach Android TV boxes through supply chains. Device manufacturers could have already preinstalled the program. Affected users can try to fix the problem by installing the latest firmware version for their Android TV boxes.
However, the best advice to protect yourself from malware like “Vo1d” is this: avoid devices with AOSP software altogether and instead use a Play Protect-certified device with the Android TV operating system, because cheap AOSP devices provide a very good gateway for malware.
