Off-brand ‘Android TV’ boxes continue to be plagued by malware, with a new batch dubbed “Android.Vo1d” found to be infecting over a million devices across nearly 200 countries. Official, Google-approved products these are not, and that’s the main issue. The affected boxes run AOSP (Android Open Source Project), making them easy targets for bad actors.
First reported by Ars Technica, security firm Dr. Web discovered the new malware and its vast scope of infection:
“Doctor Web experts have uncovered yet another case of an Android-based TV box infection. The malware, dubbed Android.Vo1d, has infected nearly 1.3 million devices belonging to users in 197 countries. It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software.”
Currently, the Android TV box models that are affected are R4, TV BOX , and KJ-SMART4KVIP, running AOSP version 7, 10, or 12. As of yet, researchers have been unable to determine the method used to infect the devices, but are still studying the new crop of malware.
A Google spokesperson has issued the following statement to Ars Technica regarding the matter:
“These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety.”