
Hackers may have infected millions of Android-based streaming boxes in 197 countries: What users can do

Hackers have reportedly infected over 1.3 million TV streaming boxes running software based on the Android Open Source Project (AOSP), which allows developers to create custom variants of the Android OS for their own devices. Google has also said that the infected devices are not running Android TV.

According to a report by France-based cybersecurity company Doctor Web, hackers have installed a new Vo1d backdoor malware that allows them to take full control of the devices.

“Doctor Web experts have uncovered yet another case of an Android-based TV box infection. The malware, dubbed Android.Vo1d, has infected nearly 1.3 million devices belonging to users in 197 countries. It is a backdoor that puts its components in the system storage area and, when commanded by attackers, is capable of secretly downloading and installing third-party software.”

The largest number of infections have been detected in Brazil, Morocco, Pakistan, Saudi Arabia, Russia, Malaysia, Algeria and Indonesia.

How this malware is ‘dangerous’
The cybersecurity company explains that there are multiple variants of the malware, used to infect systems depending on the version of software they are running. All of them can download and run executables when commanded to monitor specified directories. Another version

Researchers believe these software versions have been targeted because they commonly run outdated software with vulnerabilities.

“One possible infection vector could be an attack by an intermediate malware that exploits operating system vulnerabilities to gain root privileges. Another possible vector could be the use of unofficial firmware versions with built-in root access,” the company says.

What users can do
To prevent infection by this malware, users can check for and install new firmware updates as they become available. These boxes must be disconnected from the internet if users see any unexpected activity. Users are also advised not to install Android applications as APKs from third-party sites.

Google has also clarified that the infected devices are not running Android TV.

“These off-brand devices discovered to be infected were not Play Protect certified Android devices. If a device isn’t Play Protect certified, Google doesn’t have a record of security and compatibility test results. Play Protect certified Android devices undergo extensive testing to ensure quality and user safety. To help you confirm whether or not a device is built with Android TV OS and Play Protect certified, our Android TV website provides the most up-to-date list of partners. You can also take these steps to check if your device is Play Protect certified,” a Google spokesperson told BleepingComputer.
