NEWS
NEWS
NEWS
New FLocker ransomware can attack Android-powered smart televisions
A new form of ransomware that can attack Android-powered smart televisions has been discovered by security researchers at Trend Micro, Inc.
Dubbed FLocker (short for the Frantic Locker), the malware has been in circulation since at least April 2015 and has previously concentrated on locking down smartphones running the latest builds of Android. However, a newer version of the code now sees it target Smart TVs as well.
The malware can be spread in several ways, including via infected sites and even through SMS messages; it waits 30 minutes after infecting a device before it acts, starting a background service which requests device admin privileges.
If a user denies access to admin privileges, the malware will freeze the screen and fake system updating.
Upon gaining admin access, the malware contacts a command and control center and delivers a new payload that includes the ability to initiate further installations, take photos of the affected user, and to use those photographs as part of an extortion attempt.
Shortly thereafter users receive a “police trojan” message pretending to represent the “US Cyber Police,” that accuses the victim of false crimes and then demands $200 in iTunes gift cards to have the Smart TV or mobile device unlocked.
To make matters worse, an infection on one device means that all devices running Android on the same network may also become infected as well.
“Using multiple devices that run on one platform makes life easier for a lot of people. However, if a malware affects one of these devices, the said malware may eventually affect the others, too,” Trend Micro’s Echo Duan explained in a blog post.
Interestingly, the ransomware does not target everyone. If a device is determined to be located in the East European countries of Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia or Belarus, FLocker deactivates itself.
Solution
Unfortunately, there’s no easy solution to fix an infected device.
Trend Micro recommends that if an Android TV gets infected, the user should contact the device vendor for a solution.
Alternatively, the malware can be removed through enabling ADB debugging, connecting to the device using a PC, launching an ADB shell and then executing the comment “PM clear %pkg%”. This kills the ransomware process and unlocks the screen. Once fixed, users are advised to then deactivate ADB debugging.
Naturally, users are encouraging to practice safe internet and make sure they have mobile security software installed on all their Android devices.
photo credit: Freedom is for the free via photopin (license)
A message from John Furrier, co-founder of SiliconANGLE:
Support our mission to keep content open and free by engaging with theCUBE community. Join theCUBE’s Alumni Trust Network, where technology leaders connect, share intelligence and create opportunities.
- 15M+ viewers of theCUBE videos, powering conversations across AI, cloud, cybersecurity and more
- 11.4k+ theCUBE alumni — Connect with more than 11,400 tech and business leaders shaping the future through a unique trusted-based network.
About SiliconANGLE Media
SiliconANGLE Media is a recognized leader in digital media innovation, uniting breakthrough technology, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — with flagship locations in Silicon Valley and the New York Stock Exchange — SiliconANGLE Media operates at the intersection of media, technology and AI.
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a dynamic ecosystem of industry-leading digital media brands that reach 15+ million elite tech professionals. Our new proprietary theCUBE AI Video Cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
