New information suggests that a specific cyber threat scope is rapidly growing – endangering and compromising millions of Android TV devices. The Vo1d botnet first discovered in September 2024 starting with a staggering 1.3 million infected devices, got significantly worse. Recent reports from cybersecurity firm Xlab has cited that the botnet has now been registered to infect an additional 1.6 million devices in over 226 countries, making it one of the most significant botnet attacks in modern history.
Vo1d: The New Threat That Surpassed All Previous Bots
As time goes on, the prevalence of the Vo1d botnet seems to be immense, surpassing the scale of previously existing botnets such as Bigpanzi and Mirai. According to a survey conducted in February 2025, the countries that had the highest proportions of infected devices include, Brazil (25%), South Africa (13.6%), Indonesia (10.5%), Argentina (5.3%), Thailand (3.4%).
It’s still unclear how malware is penetrating malware on Android TV devices, but some analysts believe it’s from the installation of cheap software or defective firmware on low quality devices.
How the Vo1d Botnet Operates
Infected Android TV boxes are integrated into a network of infected devices that operate as a proxy server. The botnet is fortified with complex encryption techniques like RSA and proprietary XXTEA encryption, alongside DGA technology for effectiveness against measures put in place to hinder it.
One of Vo1d’s more worrying activities is the fluctuating count, indicating that infected devices are likely being sold for a short time. For instance, cyber security experts noted dramatic changes in India, where the number of infected devices soared from 3900 to a staggering 217,000 in a matter of days. This suggests the existence of a ‘rental-return cycle’ in which bots are temporarily redirected for certain cybercriminal activities only to be resubmitted to the wider botnet network.
What is the Vo1d Botnet Doing?
Vo1d is active in a number of different activities targeting compromised devices which includes:
Using the Infected Devices as a Proxy Network: The botnet takes control of Android TV boxes and other compromised devices to serve as the IP address of the hacker.
Circumventing Security and Geographical Boundaries: The compromised devices can be used to bypass content restrictions related to specific regions and security attacks.
Executing Ad Fraud: The ad fraud is accomplished through the installation of plugins that replicate actual user actions such as ad and video clicks to create income from advertising fraudulently.
Facilitating Illicit Activities: The botnet helps attackers conceal their identity, and so it is useful for a range of cybercrimes which includes hacking of data, illegal deals, and even espionage.
How to Protect Your Android TV from Vo1d Malware
Because the method of infection is still unknown, users may take a broader approach when it comes to protecting their devices:
Buy from Trusted Sellers – Don’t purchase low quality branded or unverified streaming devices that can be shipped with virus software.
Look for Play Protect Certification – Google has stated that many of the compromised devices were not certified. You can check for certification in the settings of your device or you can visit Google’s Android TV partner list.
Update System Software and Security Reviews – Make sure that your Android tv set gets all the latest software upgrades available.
Sideloading of Apps is Prohibited – Use of the Google Play Store or any other authorized site is recommended to help avoid any chance of unwarranted software.
Turn Off Remote Access When Not In Use – Disabling remote access functions can drastically reduce the risk of an unwanted takeover of your device.
Secure Your Home Network – Consider using a Wi-Fi router with an integrated malware defense such as Net gear Armor or TP-Link Homeshield for added protection to all connected devices.
Use Strong Passwords – As with any smart device, Android TVs need to be protected by strong and unique password to avoid any unauthorized access.
Final Thoughts
Compared to other smart home systems, Android TVs now, unfortunately, have joined the list of easily accessible cyber-criminal targets. Increased dangers to the Vo1d botnet highlight the necessity of being careful when choosing and managing internet-enabled devices. By adopting robust security practices and ensuring that your streaming device is from a trusted manufacturer, you can significantly reduce the risk of falling victim to such large-scale cyber threats.
For those looking to invest in a secure Android TV device, models such as Nvidia Shield remain popular choices for their reliability and continued software support. Stay updated on the latest cybersecurity threats and take proactive measures to protect your digital ecosystem.
