Antivirus firm Dr.Web has flagged a type of Android malware known as Android.Vo1d that has infected about 1.3 million TV boxes across 197 countries.

The malware effectively enables a backdoor into the TV box's system that allows an attacker to download and install malicious third-party software. The R4 TV box model running Android 7.1.2, a TV Box running Android 12.1, and the KJ-SMART4KVIP TV box running Android 10.1 were the types of devices reportedly impacted.

Some time ago, we intercepted a dubious ELF sample exhibiting zero detection on VirusTotal. This sample, named pandoraspear and employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection period. We seized this opportunity to register these domains to gauge the botnet's scale. At its peak, we noted approximately 170,000 daily active bots, predominantly in Brazil.employing a modified UPX shell, has an MD5 signature of 9a1a6d484297a4e5d6249253f216ed69. Our analysis revealed that it hardcoded nine C2 domain names, two of which had lapsed beyond their expiration protection

• Cybersecurity Firm Human Security has discovered malware on dozens of streaming devices and iOS/Android apps.
• A huge number of Android TV boxes contain malware capable of conducting ad fraud, creating fake accounts, and selling access to home networks.
• Researchers found that the malware they have dubbed Badbox is not only tricky to detect but difficult to remove as well.
• Android TV box users must prefer installing apps from reliable sources and keep their devices up-to-date.
• Human Security has already shared details of its findings with concerned law enforcement agencies.