And the saga continues...... just when you thought it couldn't get any worse some ass just created a strain of ransomware that can infect Smart Tv's. Lets set the mood, you come home from a stressful day at the office get some dinner and sit down to watch your favorite channel to discover a message demanding bitcoin to gain access to your Tv, now I'm guessing that will put you in great form for the evening. Thanks to a new version of the Frantic Locker (better known as FLocker) Ransomware has now the ability to infect and lock down your Smart TVs until you pay up the ransom making the above scenario much more realistic.
Researchers at Trend Micro have discovered the updated version of FLocker that is capable of locking Android smartphones as well as Smart TVs. Originally launched in May 2015, the FLocker ransomware initially targeted Android smartphones with its developers constantly updating the ransomware and adding support for new Android system changes. So what exactly does Smart Tv locking ransomware do ? is it the same as the other nasty laptop/desktop strains ? Well the answer to those questions is yes and no.
- FLocker locks the device's screen.
- Displays a fake notice from United States Cyber Police or other law enforcement agency, accusing potential victims of crimes they did not commit.
- Demands $200 worth of iTunes gift card as Ransom to unlock the infected TV.
However, if FLocker detects devices outside these countries, the malware
will wait for 30 minutes before requesting admin privileges for the
device. If the victim rejects the request, FLocker freezes the screen,
faking a system update.
"The C&C [command and control] then delivers a new payload misspelled.apk and the ‘ransom’ HTML file with a JavaScript (JS) interface enabled," Trend Micro said. "This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page."
"The C&C [command and control] then delivers a new payload misspelled.apk and the ‘ransom’ HTML file with a JavaScript (JS) interface enabled," Trend Micro said. "This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page."
Although the new variant of FLocker does not encrypt files on the infected device, it has the capability of stealing data from the device, including contacts, the phone number, device information and location data. Trend Micro's report does not make it clear that how FLocker infects smart TVs, but it does note that typically ransomware infection arrives via SMSes or malicious links.
Therefore, like always you should be wary while browsing the Internet, and receiving text messages or emails from unknown sources. In the event that you do get hit with Flocker there are a number of steps that you can take to get your device back.
How to Remove FLocker from Your Smart TV?
If your Android smart TV gets infected, you should contact the device vendor (phone carrier or TV merchant), or if you are kind of technical, you can remove the ransomware after removing its device admin privileges.
"Users can connect their device with a PC and launch the ADB shell and execute the command 'PM clear %pkg%'," Trend Micro said. "This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app."I would advise however that you contact your vendor first before you go all tech wizard on your Tv. Just incase you get infected by some new strain that may not have been thought up yet as this may signal the start of a new targeting faze in the age of the iot.
