https://arstechnica.com/security/2024/09/researchers-still-dont-know-how-1-3-million-android-streaming-boxes-were-backdoored/
Infection corrals devices running AOSP-based firmware into a botnet.
Well yeah, it's pretty common knowledge that all those cheap TV boxes running AOSP (not Android TV) are crap and should be avoided.
One possible cause of the infections is that the devices are running outdated versions that are vulnerable to exploits that remotely execute malicious code on them. Versions 7.1, 10.1, and 12.1, for example, were released in 2016, 2019, and 2022, respectively. What’s more, Doctor Web said it’s not unusual for budget device manufacturers to install older OS versions in streaming boxes and make them appear more attractive by passing them off as more up-to-date models.
I mean there's knowing and there's being certain. This seems quite likely.