- Researchers find a new VO1D botnet variant
- It seems designed to be an anonymous proxy
- At its peak, it counted almost 1.6 million devices
If you are an Android TV user, take note: there is a new and dangerous botnet infecting endpoints left and right.
XLab cybersecurity researchers have begun tracking a new variant of the malicious VO1D botnet that, in only a couple of months, grew to approximately 1.6 million devices in 226 countries. The size of the botnet varies from day to day, and although it peaked in mid-January 2025, it currently counts around 800,000 devices, the researchers said.
The initial infection vector is unknown at the present time, but most victims are in Brazil (25%), followed by South Africa (13.6%), Indonesia (10.5%), Argentina (5.3%), Thailand (3.4%) and China (3.1%).
Botnet for rent
A botnet can be used for many things, including distributed denial of service (DDoS) attacks, residential proxies, advertisement manipulation and more. In this case, VO1D is being used as an anonymous proxy, redirecting criminal traffic and blending it with legitimate consumer traffic. It comes with advanced encryption, a strong DGA-driven infrastructure and state-of-the-art obfuscation techniques.
Since the number of infected devices varies greatly from one day to the next, researchers believe that the criminals are “renting out” devices as proxy servers.
“We speculate that the phenomenon of ‘rapid surges followed by a strong decrease’ can be attributed to VO1D leasing its botnet infrastructure in specific regions to other groups,” they said. So, on the days when VO1D had significantly fewer bots, its operators had probably “given” the devices to someone else to use.
Android TV devices infected with malware will behave unusually. They will be slow, show random ads, or crash frequently for no apparent reason. To clean the device, users should review their installed applications and remove anything unknown or suspicious, scan with Google Play Protect, monitor their network activity and, ultimately, if necessary, perform a factory reset.
Via BleepingComputer