A new variant of Android ransomware appears to have gained the ability to not only infect smartphones, but also Android powered smart TVs. Frantic Locker, or Flocker for short, has been around since 2015 – with the hackers behind it constantly altering the code to avoid detection. TrendMicro claims to have around 7,000 variants of the malware on file.
The smart TV infecting version of Flocker is designed to avoid targets in certain Eastern European countries, with nobody really sure of the reason. It checks for locations in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, and Belarus; and doesn’t lock the device screen if any of these regions are detected.
In other countries, the malware waits 30 minutes before attempting to take control of the system by requesting admin privileges. In the case that the user fails to provide this, it fakes a system update to gain access.
Once it has control, the malware goes into full ransom mode. It locks the screen and displays a warning from the “US Cyber Police” and demands payment in iTunes gift codes. It also steals whatever user data it can find on the TV and sends it back to the command and control server.
Fortunately, Flocker doesn’t encrypt any data on the infected device. Users will be able to remove it entirely by hooking the TV up to a computer and disabling the malware’s admin privileges. Doing this will allow it to be uninstalled safely.
Nobody is sure how ransomware spreads to TVs, although Trend Micro says that this happens through spam SMS or malicious links. How a TV receives spam SMS is beyond us though.
[Source: Trend Micro]