#vo1d

2025-03-18

:androidalt:📺️ Millions of Android TVs hijacked in Massive Botnet — How to see if Yours is at Risk.

The Vo1d malware botnet found on 1.3 million devices back in September 2024 has grown significantly. According to a report from Xlab, a new variant has infected an additional 1.6 million Android TVs across 226 countries.

blog.xlab.qianxin.com/long-liv

#android #tv #os #vo1d #malware #it #security #privacy #engineer #media #tech #news

The botnet, which has been compromising devices via an unknown vector, has apparently been recruiting new Android TV boxes as part of anonymous proxy server networks and has evolved with advanced encryption (RSA + custom XXTEA), resilient DGA-powered infrastructure and enhanced stealth capabilities.

Not only is Vo1d one of the largest botnets seen in recent years, far exceeding other sizable infections, but it also sees fluctuations and surges that suggest that operators may be renting the infected devices as proxy servers.

Notable surges, like one which occurred in India that varied from 3,900 to 217,000 bots in a matter of days, indicate that the devices are likely being used in a kind of “rental-return cycle.”

According to Xlab, in such a pattern, the bots are diverted from the main Vo1d network to service a lessee’s directives, which would cause a sudden drop in the overall Vo1d infection count. Then, when the lease period ends and the bots return to the network, a spike is seen in the infection count as the bots again become active and under Vo1d’s control.

[ImageSource: Shutterstock]

How to stay safe from the Vo1d botnet.

Since the infection chain remains unknown, the recommendations are to follow a “holistic approach,” meaning to sidestep the threat at its source. This means you'll want to stick to buying streaming devices only from reputable vendors. Resellers and retailers who are trustworthy minimize your likelihood of a device arriving pre-loaded with malware.

A Google spokesperson commented: “These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results.

“Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified.”

⚠️Additionally, users should always make sure to keep their firmware up to date and install the latest security patches as soon as they become available.⚠️
Captain :mastodon: :verified: captain@mastodontech.de
2025-03-02
2024-09-26

#Vo1d attacks more than one million Android TV boxes (#Android_TVボックス)
CNET Japan
In August 2024, Doctor Web was contacted by several users whose Dr.Web antivirus had detected changes in the system file area on their devices …
goo.gl/alerts/EFok59

Scripter :verified_flashing: scripter@social.tchncs.de
2024-09-17

New malware on 1.3 million Android TV boxes, mostly on cheap devices | heise online
heise.de/-9868733 #Cybercrime #Backdoor #Malware #Vo1d #AndroidOpenSourceProject #AOSP

2024-09-15

New Vo1d Malware infects 1.3 million Android Streaming Boxes. :androidalt: 📺️

Threat actors have infected over 1.3 million TV streaming boxes running Android with a new Vo1d backdoor malware, allowing the attackers to take full control of the devices.

[Targeted Android Firmware]
• Android 7.1.2; R4 Build
• Android 12.1; TV BOX
• Android 10.1; KJ-SMART4KVIP Build

news.drweb.com/show/?i=14900&l

#android #tv #vo1d #malware #it #security #privacy #engineering #tech #media #news

To prevent infection by this malware, it is advised that Android users check for and install new firmware updates as they become available. Also be sure to remove these boxes from the internet in case they are being remotely exploited through exposed services.

Last but not least, avoid installing Android applications as APKs from third-party sites on Android as they are a common source of malware.

[ImageSource: Dr.Web]

Geographic distribution of Vo1d-infected TV boxes.

In a new report by Dr.Web, researchers found 1.3 million devices infected with the Vo1d malware in over 200 countries, with the largest number detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Argentina, Ecuador, Tunisia, Malaysia, Algeria and Indonesia.

[ImageSource: Dr.Web]

Modified install-recovery.sh file.

Depending on the version of the Vo1d malware installed, the campaign will modify the install-recovery.sh, daemonsu, or replace the debuggerd operating system files, all of which are startup scripts commonly found in Android.

The malware campaign uses these scripts for persistence and to launch the Vo1d malware on boot.

<The Vo1d malware itself is located in the files wd and vo1d, which the malware is named after.>
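
A defender-side check for the persistence described in the post above, added here as an example and not taken from the post or from Dr.Web's report: it scans an unpacked or pulled system tree for files named wd or vo1d and for install-recovery.sh, daemonsu or debuggerd files that reference them. The function names, the match pattern and the sample tree are assumptions made for illustration; a hit is a lead for manual review, not a verdict.

```shell
#!/bin/sh
# Added example: triage an unpacked or pulled Android system tree for the
# Vo1d artifacts the post names. Function names and pattern are assumptions.

# Prints one finding per line; exit status 0 = nothing found, 1 = findings.
vo1d_triage() {
    root=$1
    out=$(
        # Payloads: the post gives only the file names "wd" and "vo1d",
        # so match on basename anywhere under the tree.
        find "$root" -type f \( -name wd -o -name vo1d \) 2>/dev/null |
            sed 's/^/payload-file: /'
        # Persistence: startup files the post says are modified or replaced.
        # Flag any that mention wd or vo1d as a command or path component
        # (the pattern does not fire on words such as "passwd").
        find "$root" -type f \( -name install-recovery.sh -o -name daemonsu \
            -o -name debuggerd \) 2>/dev/null |
        while IFS= read -r f; do
            if grep -Eq '(^|[[:space:]/])(wd|vo1d)([[:space:]&;]|$)' "$f"; then
                echo "startup-reference: $f"
            fi
        done
    )
    [ -n "$out" ] && printf '%s\n' "$out"
    [ -z "$out" ]
}

# Constructed sample tree: directory names and script contents are made up
# for the demo and are not paths taken from the post.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/etc" "$d/example"
    printf '#!/system/bin/sh\n/constructed/dir/wd &\n' > "$d/etc/install-recovery.sh"
    : > "$d/example/wd"
    : > "$d/example/vo1d"
    echo "$d"
}

# Stand-alone use: sh vo1d_triage.sh /path/to/unpacked/system
if [ $# -gt 0 ]; then vo1d_triage "$1"; fi
```
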
ricardo :mastodon: governa@fosstodon.org
2024-09-12

Beware: New #Vo1d Malware Infects 1.3 Million #Android TV Boxes Worldwide :android: ⚠️

thehackernews.com/2024/09/bewa

#AndroidTV
