Ransomware jumps from smartphones to TV

2016-06-14 15:05 - Duncan Alfreds, Fin24
Post a comment 0

(Duncan Alfreds, Fin24)

RELATED ARTICLES

Cape Town – Mobile malware capable of locking down smartphones has made its way to smart TVs, a security company has revealed.

FLocker (detected as Androidos_flocker.a and short for “Frantic Locker”) was first identified on mobile phones in 2015, but has recently migrated to smart TVs, Trend Micro said.

As ransomware, it is able to lock smartphones by encrypting the contents and demanding that users pay to have their data released.

“There is no major difference between a FLocker variant that can infect a mobile device and one that affects smart TVs. To avoid static analysis, FLocker hides its code in raw data files inside the ‘assets’ folder. The file it creates is named ‘form.html’ and it looks like a normal file,” said Trend Micro.

The company has collected over 7 000 variants of the malware and said that the author has rewritten the code several times to avoid detection and improve its routine.

Ransom demand

READ: Here's how ransomware hits SA

Within 30 minutes after infecting a device, FLocker begins background operations where it requests admin privileges. If denied, it will freeze the screen, faking a system update.

“The C&C [command and control] then delivers a new payload misspelled.apk and the ‘ransom’ HTML file with a JavaScript (JS) interface enabled. This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page,” Trend Micro said.

The latest version of FLocker masquerades as a cyber security agency, demanding $200 worth of iTunes gift cards.

Trend Micro also said that the malware is location aware. It deactivates itself if it detects its location as Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia and Belarus.

READ: How ransomware has cost Fin24 users thousands

Experts expect ransomware attacks to escalate as cyber criminals eye lucrative returns.

“These attacks are going after anyone with money, and of course the banking account is the obvious place to focus your attention as an attacker. Wealthier banking clients are increasingly being sifted out from the rest of us,” Gerhard Oosthuizen, chief information officer of Entersekt, told Fin24.

“A number of big cases have come up with hospitals and even police stations paying the ransom to unlock their business critical data. We foresee that this trend will continue,” he added.

To remove FLocker from smart TVs, users should contact the manufacturer or attempt Android Debug Bridge debugging by connecting the TV to a PC.


- Follow Duncan on Twitter

Read more about: trend micro  |  cybercrime