New persistent malware infecting Android TVs, notably in North Asia

Is your Android TV breaking down?

A new malware has infected roughly 13,500 Internet of Things (IoT) devices like Android TVs in 84 countries, primarily in the Asia-Pacific nations.

The new variant of the InterPlanetary Storm malware is targeting IoT devices such as TVs that run on Android operating systems and Linux-based machines, such as routers with ill-configured SSH (secure shell) service. 

Researchers note that the malware is building a botnet, currently infecting 13,500 machines and this number is expected to grow.

Half of the infected machines are in Hong Kong, South Korea and Taiwan.

US-based cybersecurity firm Barracuda Networks found several unique features designed by the cybercriminal organisation to help the malware persist and protect itself once it has infected a machine. 

It detects the computer security mechanism, honeypots, auto updates itself, tries to persist itself by installing a service using a “Go daemon” package and also kills other processes on the machine that pose a threat to the malware, such as debuggers and competing malware.

Such a rapidly evolving threat environment requires advanced inbound and outbound security techniques that go beyond the traditional gateway. 

“To safeguard IoT devices against this malware variant, it will be necessary to properly configure SSH access on all devices. This means using keys instead of passwords, which will make access more secure,” the researchers noted.

When password login is enabled and the service itself is accessible, the malware can exploit any ill-configured attack surface.

Beware!