Android malware hits 1.3 million Smart TV sticks globally

Security experts have reported on the malware Android.Vo1d, which has affected nearly 1.3 million smart TV sticks based on the Android TV system. The issue is global: infected devices have been detected in almost 200 countries.

The vulnerability in Android TV's security was identified by researchers from Dr.WEB. The malware Android.Vo1d can remotely download and install additional third-party software or access device memory thanks to root access. According to Dr.WEB, the issue was detected in three models of smart TV sticks: R4 with Android 7.1.2, TV BOX with Android 12.1, and KJ-SMART4KVIP with Android 10.1.

Interestingly, the Android.Vo1d software operates through several modules that are responsible for different functions—for example, the Android.Vo1d.1 module is used to download, install, and control the operations of another module (Android.Vo1d.3), which launches yet another module capable of downloading external software, running executable files, and installing APK packages.

In other words, the software’s operation is complex and can lead to data theft from the smart TV stick and other attacks. These devices are usually connected to the main home network and do not receive frequent Android security updates. Thus, once attackers successfully infect a device, they have numerous opportunities for exploitation.

Researchers from Dr.WEB noted that the source of the Android.Vo1d malware is not yet known. It appears that user negligence may have played a role in the successful infections of some Android TV sticks. Infections were recorded on devices with Android TV 7.1, despite newer versions of the system being available. Installing the latest updates could help reduce the impact of this malware.