A malware called Android.Vo1d has infected nearly 1.3 million streaming devices based on an open source version of Android, creating a backdoor that allows the installation of malicious software in nearly 200 countries. The security firm Doctor Web reported the infection, which affects TV boxes running modified versions of Android, although researchers have not yet identified the exact cause of the attack. Google confirmed that these devices are not certified TVs, but rather more vulnerable versions that have not passed the security tests of Play Protect.
The malware places malicious components in the system storage area of infected devices, allowing them to be updated via command and control servers. Although experts have identified variants of the malware, the exact infection vector remains unknown. Possible causes include vulnerabilities in the operating system or the installation of unofficial firmware with root access, which compromises devices in the supply chain before reaching consumers.
These would be the affected models:
The infection appears to mainly affect devices with older operating systems, such as versions 7.1, 10.1, and 12.1, which were released between 2016 and 2022. Many budget manufacturers install these outdated versions to make devices look more modern, making them more vulnerable to remote attacks. Google has indicated that the affected devices do not comply with the security standards of Android TV and therefore do not have the standard malware protection.
Researchers have identified three methods used to anchor the malware in the system: modification of key files such as install-recovery.sh and daemonsu, and the replacement of debugging programs. Tampering with any of these files ensures that the Trojan runs automatically when the device reboots, making it difficult to detect and remove.
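The following is an added example, not code from Doctor Web or the original article: a defender-side check that compares the persistence-relevant files in a system partition pulled from a device against the same files from a known-good stock image, and lists the commands added to a boot script. The directory layout, the `debuggerd` name (standing in for the unnamed "debugging programs"), and the sample file contents are assumptions constructed for illustration.

```python
import difflib
import hashlib
import tempfile
from pathlib import Path

# File names the article cites as persistence anchors. "debuggerd" is an
# assumed stand-in for the "debugging programs" the article does not name.
WATCHED = {"install-recovery.sh", "daemonsu", "debuggerd"}

def sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def audit(stock, device):
    """Return {relative_path: finding} for watched files that differ from stock."""
    findings = {}
    rels = {p.relative_to(root) for root in (stock, device)
            for p in root.rglob("*") if p.is_file() and p.name in WATCHED}
    for rel in sorted(rels):
        s, d = stock / rel, device / rel
        if not s.is_file():
            findings[rel.as_posix()] = {"status": "added"}    # absent from stock image
        elif not d.is_file():
            findings[rel.as_posix()] = {"status": "missing"}
        elif sha256(s) != sha256(d):
            finding = {"status": "modified"}
            if rel.suffix == ".sh":  # show which boot-time commands were appended
                diff = difflib.ndiff(s.read_text(errors="replace").splitlines(),
                                     d.read_text(errors="replace").splitlines())
                finding["added_lines"] = [l[2:] for l in diff if l.startswith("+ ")]
            findings[rel.as_posix()] = finding
    return findings

def build_sample(root):
    """Constructed stock and tampered trees; all contents are placeholders."""
    stock, device = root / "stock", root / "device"
    for tree in (stock, device):
        (tree / "bin").mkdir(parents=True)
        (tree / "bin/install-recovery.sh").write_text("#!/system/bin/sh\n/system/bin/install-recovery\n")
        (tree / "bin/debuggerd").write_bytes(b"\x7fELF stock debugger")
    with (device / "bin/install-recovery.sh").open("a") as f:
        f.write("/system/xbin/example_payload &\n")   # hypothetical added launcher line
    (device / "bin/debuggerd").write_bytes(b"#!/system/bin/sh\n# replaced\n")
    (device / "xbin").mkdir()
    (device / "xbin/daemonsu").write_bytes(b"\x7fELF added")
    return stock, device

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, finding in audit(*build_sample(Path(tmp))).items():
            print(rel, finding)
```

Any `added` or `modified` finding on these files warrants reflashing from a trusted image rather than deleting individual files, since each anchor can restore the others at the next boot.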
Via: Ars Technica