Ransomware Hits Android Devices, TVs

Wednesday, June 15, 2016 @ 04:06 PM gHale


Sharp and Philips smart TVs running the Android TV OS, could fall victim to FLocker, a device-locking ransomware, researchers said.

The ransomware targets Android-powered mobile devices and smart TVs.

RELATED STORIES
New Ransomware ‘Undecryptable’
New Ransomware Taking Over
Hike in New Type of Ransom Attacks
New Ransomware Hits, But Asks Small Fee

FLocker (short for “Frantic Locker”) has been around for a year, and its developer(s) are doing their best to keep the threat current. It’s usually delivered to victims via spam SMS or malicious links.

“The latest variant of FLocker is a police Trojan that pretends to be U.S. Cyber Police or another law enforcement agency, and it accuses potential victims of crimes they didn’t commit. It then demands $200 worth of iTunes gift cards,” researchers from Trend Micro said in a blog post.

“Based on our analysis, there is also no major difference between a FLocker variant that can infect a mobile device and one that affects smart TVs,” the researchers said.

The malware is good at hiding, is able to fool static code analysis, and can bypass dynamic sandbox protection.

After infecting a device, it waits 30 minutes before running, then contacts its C&C. The C&C delivers a new APK file and the ransom note – a HTML file with a JavaScript (JS) interface enabled – which initiates the APK installation, takes photos of the affected user, and displays the photos taken in the ransom page.

Researchers said FLocker avoids targeting users located in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia and Belarus, but goes after all others.

Those who are hit receive a localized ransom message that sports their IP address and photo, and this could be more than enough for the victims to start panicking and pay the fine.