Over 1.3 Million Android TV Set-Top Boxes Infected with Backdoor Trojan Worldwide

TapTechNews September 17th news, the security company DoctorWeb disclosed a report stating that they found that more than 1.3 million Android TV set-top boxes worldwide have been implanted with a backdoor Trojan named Android.Vo1d, and hackers can use this backdoor Trojan to deploy various malicious software.

TapTechNews learned that DoctorWeb researchers first noticed this backdoor Trojan in August this year, which mainly affects TV boxes running AOSP. However, the researchers have not yet clarified how the relevant set-top boxes were infected by this backdoor program. The researchers推测 that the possible ways include hackers using the old version of the Android system vulnerability of the set-top box to obtain root privileges, or users downloading software from non-official platforms themselves and thus being implanted with malicious root software.

Analysis shows that the modules (vold, wd) of Android.Vo1d have multiple functions, including accessing the hacker C&C server set by the hacker to automatically download and run instruction scripts, and also being able to monitor the installation of APK files in specific directories.

Researchers estimate that about 1.3 million Android TV boxes in 197 countries worldwide are infected. The victims are mainly distributed in countries in the Middle East, Africa, South America and Asia, such as Brazil, Morocco, Pakistan, Saudi Arabia, and also including Russia, Malaysia and Indonesia, etc.

It is known that most of these infected devices are relatively low-cost and less well-known Android TV box brands (such as R4, TVBOX, KJ-SMART4KVIP). The researchers推测 that these low-cost brands often use earlier versions of the Android system (such as Android 7-12), and since the relevant set-top boxes actually run AOSP (Android Open Source Project) instead of the AndroidTV system certified by Google, the researchers warn that these devices are extremely vulnerable to being exploited by hackers.