- Researchers find a new variant of the Botnet VO1D
- It appears to be designed to operate as an anonymous proxy
- At its peak, it had nearly 1.6 million devices
If you are an Android TV user, take note: a dangerous new botnet is infecting devices left and right.
XLAB cybersecurity researchers have begun tracking a new variant of the malicious VO1D botnet which, in the space of a few months, reached around 1.6 million devices in 226 countries. The size of the botnet varies from day to day, and although it peaked in mid-January 2025, it currently has around 800,000 devices, the researchers said.
The initial infection vector is unknown at present, but the majority of victims are located in Brazil (25%), followed by South Africa (13.6%), Indonesia (10.5%), Argentina (5.3%), Thailand (3.4%) and China (3.1%).
Botnet for rent
A botnet can be used for many purposes, in particular distributed denial-of-service (DDoS) attacks, residential proxies, ad fraud, and so on. In this case, VO1D is used as an anonymous proxy, redirecting criminal traffic and mixing it with legitimate consumer traffic. It comes with advanced encryption, a resilient DGA-powered infrastructure and advanced obfuscation techniques.
Since the number of infected devices varies considerably from one day to the next, the researchers believe that the criminals rent out the devices as proxy servers.
“We assume that the phenomenon of ‘rapid surges followed by sharp declines’ can be attributed to VO1D renting its botnet infrastructure in specific regions to other groups,” they said. Thus, on the days when VO1D had far fewer bots, they had probably rented the devices out to someone else to use.
Android TV devices infected with the malware will behave unusually: they will be slow, display advertisements at random, or crash frequently without apparent cause. To clean the device, users should check their installed applications and delete anything unknown or suspicious, scan with Google Play Protect, monitor their network activity and, if necessary, perform a factory reset as a last resort.
Via BleepingComputer