The Vo1d botnet has infected over 1.59 million Android TVs across 226 countries. Reports show a surge in infections, especially in India, where cases jumped from 3,901 to 217,771 within weeks. The malware evolves rapidly, improving its stealth and resilience and making detection difficult.
Researchers found that Vo1d uses RSA encryption to secure communication. This prevents attackers from taking over its command-and-control (C2) infrastructure. Each infected device downloads unique payloads, protected by advanced encryption, making analysis harder for security experts.
First discovered in September 2024, Vo1d mainly affects Android-based TV boxes. It installs a backdoor that allows remote commands from a C2 server. However, how these infections occur remains unclear. Experts suspect supply chain attacks or unofficial firmware with built-in root access.
Unlike certified Android devices, infected TVs likely use the Android Open Source Project (AOSP) code. This makes them more vulnerable to manipulation. Reports indicate the botnet is used for creating proxy networks, ad fraud, and potentially more dangerous cyber activities.
How Vo1d Operates
Vo1d functions through a multi-stage infection process. After initial access, it downloads and executes a second-stage payload. The malware installs multiple components, including a fake Google Play Services app, to maintain persistence.
A modular malware named Mzmess is also deployed. It contains plugins for proxy services, ad fraud, and other unknown functions. Researchers believe Vo1d may be rented out to cybercriminals, allowing them to exploit infected devices for different illegal activities.
Preventing Vo1d Botnet Attacks
To prevent infections, avoid purchasing uncertified Android TV devices. Always update firmware from official sources and disable installation from unknown sources. Additionally, monitor network activity for suspicious traffic and use security tools to detect unauthorized access. Strong cybersecurity practices can help stop malware like Vo1d from spreading further.