The infected devices include models such as R4 (Android 7.1.2), TV BOX (Android 12.1), and KJ-SMART4KVIP (Android 10.1), many of which date back to 2016.

The report highlights a troubling trend among budget device manufacturers, who often use older Android OS versions while marketing their products as newer and more appealing.

Many users mistakenly believe their TV boxes are secure due to misleading OS version labeling, which increases their vulnerability to infections.

Cybersecurity researchers from Dr.Web have uncovered that approximately 1.3 million TV streaming boxes running outdated versions of Android are infected with a malware known as Vo1d.

While the specific infection vector remains unidentified, it is suspected that the malware exploits OS vulnerabilities or utilizes unofficial firmware with root access.

Experts warn that the Vo1d malware poses significant threats, including the potential for creating botnets for distributed denial-of-service (DDoS) attacks and stealing personal information.

TV boxes are particularly targeted due to their reliance on outdated Android versions that lack security updates and are often neglected by manufacturers.

This malware functions as a backdoor, enabling attackers to secretly download and install additional malicious software on compromised devices.

The malware grants hackers total control over infected devices, raising concerns about their use in DDoS attacks or as entry points into larger networks.

To mitigate the risk of infection, users are advised to install firmware updates, disconnect devices from the internet, and avoid downloading APKs from untrusted sources.

Users can verify the Play Protect certification status of their devices on Google's dedicated support page to ensure their safety.

Vo1d operates through two main components that work together to control device activities and download executables from a command-and-control server.