Android Ransomware Could Infect Connected TVs
Watch out smart TV owners, malicious hackers who have wreaked havoc on our computers and mobile phones might be moving on to your connected big-screens, and if you’re not careful, you might find your TV locked up and demanding a ransom payment.
According to a blog posted this month by Mobile Threat Response Engineer Echo Duan from Texas-based anti-virus resource Trend Micro, a variant of lock-screen ransomware known as FLocker is out there and could affect any device running the Android operating system, including some smart TVs. This would include recent Sony TVs and some 2015 Sharp Aquos TVs in the U.S., among others.
Sony executives did not respond to our requests for comment.
FLocker is capable of locking up smart TVs, claiming to be a communication from “US Cyber Police,” accusing the user of crimes that weren’t committed and demanding a payment to release the device. Duan said using multiple devices that run on one platform, like Android, enables the malware to affect one one and potentially spread to others with which it connects.
Trend Micro points out that the malware wasn’t specifically authored to go after smart TVs, but there is nothing to stop them from infecting certain models if the malware is received by another device that connects to it, like a mobile phone or tablet.
Read more on TV ransomware after the jump:
“The latest variant of FLocker is a police Trojan that pretends to be US Cyber Police or another law enforcement agency,” Duan writes. “It accuses potential victims of crimes they didn’t commit. Then, it demands 200 USD worth of iTunes gift cards. And based on our analysis, there are no major differences between a FLocker variant that can infect a mobile device and one that affects smart TVs.”
According to internet security publication SCMagazine.com this is the first instance of malware infecting a smart TV that Trend Micro has found.
Duan’s blog said Trend Micro last recorded a large spike in FLocker activity in April with over 1,200 variants.
The ransomware first appeared in May 2015, and Trend Micro gathered over 7,000 variant samples. Curiously, the FLocker will deactivate itself if the device is located in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia or Belarus, the company said.
“Its author kept rewriting the malware to avoid detection and improve its routine. Over the past few months, we have seen spikes and drops in the number of iterations released,” Duan reported.
She said ransomware usually reaches it victim via spam SMS or malicious links. She advices users to be careful when receiving messages or email from unknown sources.
The ransomware attacks when users download malicious apps spread through links. It first lies dormant for 30 minutes on the device and then starts asking users for admin rights.
When the user declines, FLocker freezes the screen and puts up a phony update message to scare the user into providing it access.
Once administrator privileges are attained, FLocker will talk with its command and control server, from where it downloads another APK and a ransom note.
If an Android device becomes infected, Duan recommends users contact the TV manufacturer for a solution.
Failing that, more tech-savvy users can try removing the malware by enabling ADB debugging. This is accomplished by connecting the device with a PC, launching the ADB shell and executing the command “PM clear %pkg%”. Duan said this kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app.
By Greg Tarr
Have a question for the HD Guru? HD GURU|Email
Copyright ©2016 HD Guru Inc. All rights reserved. HD GURU is a registered trademark.