Smart TVs, set-top boxes emerge as new cybercrime targets in Kenya

Android TV is Google’s smart television operating system, used by major mid-range and budget brands. The operating system offers access to a wide array of apps through the Google Play Store.

Set-top boxes, which convert cable, satellite or internet signals into viewable content, now range from traditional pay-TV decoders to internet-only streaming devices such as Android TV boxes, Apple TV and Amazon Fire TV Sticks.

But while these devices have become central to home entertainment, cybersecurity experts warn that compromised boxes are increasingly being hijacked into botnets used for click-fraud schemes or large-scale Distributed Denial of Service (DDoS) attacks.

Read: Cyber attacks in Kenya triple to 2.5bn as criminals target key sectors

The CA, in its 2025/26 second-quarter Cyber Security Report, says it recorded 310,009 cyberattack attempts targeting end-user devices during the three months from October to December 2025, a 303.18 percent increase from the previous period between July and September 2025.

Targeted devices

The majority of cases targeted mobile devices and Android-based TVs. Threat actors exploited weaknesses such as improper credential management, insecure authentication mechanisms and poor software configuration to gain unauthorised access.

The report says the most targeted systems included Android smartphones, Android TVs, set-top boxes and Google TV applications.

Dr Stanley Githinji, an assistant professor of information systems technology and security at USIU-Africa, says Android TVs and set-top boxes commonly used in Kenyan households often have outdated firmware, weak default passwords or pre-installed malicious applications.

“In addition, some ISP (internet service provider)-related gaps like unsecured routers, default router credentials, shared IP addresses, and limited customer awareness on home network security can further expose users,” he told Business Daily in an interview.

Read: Kenya smartphone attacks quadruple as hackers target Android gadgets

Malware targeting smart TVs typically seeks to harvest sensitive information through the personal accounts logged into the TVs, such as login credentials, browsing data and financial details. In some cases, attackers silently turn infected devices into tools for wider cybercrime.

Once compromised, a TV box can be used to generate fraudulent advertising clicks in the background or to attack other devices on the same home network. “The devices can even be used to spy on users, steal personal data, or act as entry points into the entire home network without the user noticing,” Dr Githinji said.

‘Sideloading’ apps

In July last year, for instance, Google filed a lawsuit in the United States against 25 Chinese entities accused of running a robot network, or botnet, known as BadBox 2.0, which infected more than 10 million Android devices worldwide, including smart TVs.

Android TVs were compromised by malware that turns them into part of a botnet and then uses them to carry out ad-click fraud, where the TV generates fake advertisement clicks in the background.

In another incident, a malware strain dubbed Vo1d, identified in late 2024, infected more than 1.3 million Android TVs and streaming boxes globally by disguising itself as trusted system apps such as Google Play Services.

Another loophole is the widespread practice of ‘sideloading’ apps, which Kenyans use to access third-party streaming, ad-free experiences and custom tools not available on the official app store.

Read: Cyber threats in Kenya decline after months of record attacks

Security experts say this is one of the primary malware entry points. “Attackers often exploit these devices through unverified app installations and through insecure home internet connections,” said Dr Githinji.

Google last August announced plans to restrict the installation of unverified third-party applications on Android TVs to developers only, but backtracked on the plan in November.

To stay safe, users are urged to download apps only from trusted sources, check app permissions and keep device software up to date. Consumers are also advised to purchase Play Protect-certified Android TV devices and avoid cheap, non-certified streaming boxes that may come with malicious code pre-installed.

“Change default passwords on both devices and routers, secure Wi-Fi properly, and seek basic security guidance from ISPs (internet service providers) where possible,” Dr Githinji added.

Follow our WhatsApp channel for the latest business and markets updates.