← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Long Live The Vo1d Botnet: New Variant Hits 1.6 Million TV Globally
The Vo1d botnet has infected 1.6 million Android TV devices across 200+ countries, posing a significant cybersecurity threat. This new variant demonstrates enhanced stealth and resilience, utilizing RSA encryption, DGA-based infrastructure, and a modified XXTEA algorithm. The botnet's scale and capabilities surpass previous major attacks, potentially enabling devastating DDoS attacks or unauthorized content broadcasting. Analysis reveals a sophisticated multi-component system including downloaders, backdoors, and modular malware for proxy services and ad fraud. The botnet's rapid growth and evasion techniques highlight the urgent need for improved security measures in smart TV devices and set-top boxes.
MITRE ATT&CK & Malware Families
Indicators of Compromise (15 / 51 total)
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| URL | http://adstat.ziyemy.shop:3389 | — | 2025-02-28 | |
| URL | http://csskkjw.com/s3/b7027626 | — | 2025-02-28 | |
| URL | http://dcsdk.100ulife.com/reportcompbin | — | 2025-02-28 | |
| URL | http://dcsdk.100ulife.com/sdkbin | — | 2025-02-28 | |
| URL | http://dcsdkos.dc16888888.com/reportcompbin | — | 2025-02-28 | |
| URL | http://dcsdkos.dc16888888.com/sdkbin | — | 2025-02-28 | |
| URL | http://jaguar-distributor.syslogcollector.com:12000/v1/agent/ctrl | — | 2025-02-28 | |
| URL | http://ssl87362.com:9999 | — | 2025-02-28 | |
| URL | http://task.moyu88.xyz/cpc/api/proxy/origin | — | 2025-02-28 | |
| URL | http://task.moyu88.xyz/cpc/api/task | — | 2025-02-28 | |
| URL | http://task.moyu88.xyz/cpc/api/xml?productId=0 | — | 2025-02-28 | |
| URL | https://dcsdk.100ulife.com/reportcompbin | — | 2025-02-28 | |
| URL | https://dcsdk.100ulife.com/sdkbin | — | 2025-02-28 | |
| URL | https://dcsdkos.dc16888888.com/reportcompbin | — | 2025-02-28 | |
| URL | https://dcsdkos.dc16888888.com/sdkbin | — | 2025-02-28 |
References (1)