A Chinese cybersecurity company says a new variant of malware–suspected to be called Vo1d–is infecting devices running Android TV such as set-top boxes and smart TVs at an alarming rate, with nearly 1.6 million devices impacted around the world.
These devices, according to XLab, are likely being infected by the Vo1d malware to create a botnet that will then large large-scale DDoS attacks against specific targets. A botnet of that size, according to cybersecurity researchers, can be catastrophic, as other larger DDoS attacks have only enlisted a fraction of the amount of Vo1d-infected devices.
According to XLab, Vo1d has infected 1.6 million Android TV devices across 200+ countries and regions. The report doesn’t indicate that U.S. users of these devices are at risk, with Brazil, South Africa, Indonesia, Argentina, Thailand, and China among the most targeted regions. However, it does illustrate the growing cybersecurity concerns associated with consumer IoT devices, specifically media devices. The Vo1d malware is likely linked to Bigpanzi, another botnet also targeting Android TV devices using similar methods.
To put the 1.6 million figure into perspective, XLabs compares it to some larger DDoS attacks in recent years, including the 2024 Cloudflare attack, a 5.6 Tbps DDoS attack, capable of crashing any website, that used just 15,000 devices.
The 2016 Mirai botnet, meanwhile, wreaked havoc on the U.S. East Coast internet, taking down Twitter and Netflix “with only hundreds of thousands of devices,” XLabs researchers write.
Lightapalooza took place in late February, and the growth of the event has mirrored the rapid ascension lighting fixtures and controls.
“Currently, Vo1d is used for profit, but its full control over devices allows attackers to pivot to large-scale cyberattacks or other criminal activities. For instance, Cloudflare’s 2024 Q4 report noted Android TVs and set-top boxes participating in DDoS attacks. If Vo1d were weaponized, its 1.6 million devices could disrupt critical systems like banking, healthcare, and aviation, causing widespread chaos,” XLabs reports.
A hacked smart TV or STB doesn’t just present risk as part of a botnet operation, as these devices can also be used for a more sinister purpose, such as displaying unauthorized content. Researchers cite two recent examples of this, including set-top boxes in the UAE used to display videos of the Israel-Palestine conflict.
Just last month, TVs at the U.S. Department of Housing and Urban Development were used to show AI-generated footage of President Donald Trump and tech billionaire and Trump consultant Elon Musk. A hacking group, especially one connected to a foreign government, can use these devices to control the narrative and spread propaganda.
According to XLab’s, the operators of the Vo1d malware currently use infected devices to create a vast proxy network for ad fraud and fake traffic. This strategy mirrors the success of 911S5, whose operators amassed over $99 million in illicit profits, according to the U.S. Department of Justice.
As law enforcement cracks down on cybercrime, the demand for anonymization services among criminals continues to grow. Vo1d’s massive, stealthy network offers a powerful alternative to traditional proxies, making it a significant and evolving cybersecurity threat, researchers say.
XLab’s report is just one of a series of similar pieces of research into cyberattacks leveraging consumer IoT devices such as smart TVs and set-top boxes, which have routinely ranked among the least secure devices commonly found in connected homes.
According to XLab, there are two key reasons for this: supply chain vulnerabilities and user behavior. Some manufacturers have ties to illicit actors, embedding malware at the factory level. As production scales up, so does the spread of infections. Meanwhile many users mistakenly assume that smart TV devices are secure and rarely install security software. The common practice of downloading cracked apps, third-party software, or flashing unofficial firmware further exposes these devices, making them prime targets for malware.
XLab says it has actually linked the malware to several companies, but didn’t name which ones. We can likely assume those companies to be off-brand device manufacturers.
Cybersecurity news website BleepingComputer says it was provided a statement from a Google spokesperson, saying the devices were off-brand devices that were not Play Protect certified Android devices. Essentially, Google can’t track the security of those uncertified devices.
The post 2024 Lighting Controls and Fixtures Report appeared first on CEPRO.