Mobile malware capable of locking down smartphones has made its way to smart TVs, a security company has revealed.
FLocker (detected as Androidos_flocker.a and short for “Frantic Locker”) was first identified on mobile phones in 2015, but has recently migrated to smart TVs, Trend Micro said.
As ransomware, it is able to lock smartphones by encrypting the contents and demanding that users pay to have their data released.
“There is no major difference between a FLocker variant that can infect a mobile device and one that affects smart TVs. To avoid static analysis, FLocker hides its code in raw data files inside the ‘assets’ folder. The file it creates is named ‘form.html’ and it looks like a normal file,” said Trend Micro.
The company has collected over 7 000 variants of the malware and said that the author has rewritten the code several times to avoid detection and improve its routine.
Within 30 minutes after infecting a device, FLocker begins background operations where it requests admin privileges. If denied, it will freeze the screen, faking a system update.
“The C&C (command and control) then delivers a new payload misspelled.apk and the ‘ransom’ HTML file with a JavaScript interface enabled. This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JavaScript interface, and display the photos taken in the ransom page,” Trend Micro said.
The latest version of FLocker masquerades as a cybersecurity agency, demanding US$200 worth of iTunes gift cards.
Trend Micro also said that the malware is location-aware. It deactivates itself if it detects its location as Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia or Belarus.
Experts expect ransomware attacks to escalate as cybercriminals eye lucrative returns.
“These attacks are going after anyone with money, and of course the banking account is the obvious place to focus your attention as an attacker. Wealthier banking clients are increasingly being sifted out from the rest of us,” said Gerhard Oosthuizen, chief information officer of Entersekt.
“A number of big cases have come up with hospitals and even police stations paying the ransom to unlock their business critical data. We foresee that this trend will continue,” he added.
To remove FLocker from smart TVs, users should contact the manufacturer or attempt Android Debug Bridge debugging by connecting the TV to a PC.
