A new strain of the Vo1d malware botnet has infected nearly 1.6 million Android TV devices across 226 countries, integrating them into anonymous proxy networks.
Xlab researchers, who have been monitoring the campaign since November, reported that the botnet reached its peak on January 14, 2025, with 800,000 active bots currently in operation.
This botnet has grown significantly since Dr. Web researchers initially identified 1.3 million compromised devices in September 2024, and it continues to expand despite previous exposure.
The latest Vo1d variant features improved encryption, resilient infrastructure powered by domain generation algorithms (DGA), and enhanced stealth capabilities to evade detection.
A quarter of the infections are concentrated in Brazil, followed by South Africa, Indonesia, Argentina, Thailand, and China, with rapid spikes in infection rates suggesting that operators may be renting infected devices as proxy servers.
The botnet enables cybercriminals to hide malicious traffic, conduct ad fraud by simulating interactions, and bypass security measures using infected Android TVs.
Since the infection method remains unclear, users are advised to buy from trusted vendors, keep firmware updated, disable unnecessary remote access, and avoid downloading apps from unverified sources.
By isolating IoT devices from critical networks and following strong security practices, users can reduce the risk of Vo1d malware infections.
