TapTechNews September 14th news, the network security company Dr.Web released a blog post on September 12th, reporting a new type of malware named Android.Vo1d, which has currently infected about 1.3 million Android TV set-top boxes in 197 countries and regions around the world.
The company reported that the following AndroidTV boxes and firmware versions are affected, and TapTechNews attached the chart as follows:
TV set-top box model Problem firmware version R4 Android 7.1.2; R4 Build/NHG47K TVBOX Android 12.1; TVBOX Build/NHG47K KJ-SMART 4K VIP Android 10.1; KJ-SMART 4K VIP Build/NHG47KThis malicious program mainly infects the following target files of the TV set-top box:
install-recovery.sh
daemonsu
In addition, add 4 new files in the system file
/system/xbin/vo1d
/system/xbin/wd
/system/bin/debuggerd
/system/bin/debuggerd_real
The Android.Vo1d.1 module is responsible for starting Android.Vo1d.3 and controlling its activities, and will restart its process when necessary, and can also download and run executable files under the instructions of the C&C server.
In turn, the Android.Vo1d.3 module will install and start the encrypted Android.Vo1d.5 daemon embedded in it. This module also has the ability to download and run executable files, and will monitor the specified directory and install the APK files found in it.