Botnet VO1D Infects 1.5 Million Android TV Devices Worldwide
Botnet VO1D, a malicious software program, is rapidly spreading and has already infected over 1.5 million Android TV devices across 226 countries. According to data from xlab, the botnet is being used to set up anonymous proxy networks and reached its peak on January 14, 2025, with 800,000 active bots.
The first major attack by VO1D was detected by Dr. Web in September 2024, where 1.3 million infected devices in 200 countries were identified. Since then, the botnet has continued to expand its reach and impact.
VO1D’s developers have implemented advanced protection mechanisms, including RSA encryption, XXTEA customized algorithm, and fault-resistant infrastructure based on the DOMAL generation algorithm. These measures make it difficult to detect and stop the botnet.
VO1D has surpassed the scale of other well-known botnets like Bigpanzi and Mirai, with the largest number of infections reported in Brazil (25%), followed by South Africa (13.6%), Indonesia (10.5%), Argentina (5.3%), Thailand (3.4%), and China (3.1%). India experienced a significant surge in infected devices, jumping from 3900 to 217,000 in just 3 days.
Researchers at XLAB believe that the sudden spikes in infections may be due to VO1D leasing its botnet infrastructure to other groups in specific regions, similar to how the 911 S5 service operated before being sanctioned by the US Ministry of Justice in 2024.
The control and control infrastructure of VO1D is extensive, with 32 initial values of the DOMEL generation algorithm used to create over 21,000 C2-domains. The connection between bots and C2-servers is secured with a 2048-bit RSA key, preventing interception and command replacement.
Aside from setting up anonymous proxy networks, VO1D is also being used for clickfraud and fraudulent advertising views. The botnet can simulate user activity, generating clicks and views for fraudulent advertisers using special plugins and the Mzmess SDK platform.
Protecting Android TV from Infection
Despite the widespread spread of VO1D, Android TV users can reduce the risk of infection by following simple