There is a process of leases ending, and bots rejoining the network.
Almost 1.6 million Android TVs around the world have been roped in by a novel Vo1d malware botnet variant.
According to BleepingComputer, the campaign was initially discovered in November. Researchers from XLab attributed the surge to Vo1d's leasing of its botnet infrastructure.
"Once the lease period ends, the bots rejoin the Vo1d network. This reintegration leads to a rapid spike in infection counts as the bots become active again under Vo1d's control," said researchers.
More than half of the impacted devices remain active, while Brazil, South Africa, Indonesia, Argentina, Thailand, and China account for most of the infections this month. India was also observed to have its bots spike from 3,900 to 217,000 in only three days.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
