Share

Ransomware jumps from smartphones to TV

accreditation
(Duncan Alfreds, Fin24)
(Duncan Alfreds, Fin24)

Cape Town – Mobile malware capable of locking down smartphones has made its way to smart TVs, a security company has revealed.

FLocker (detected as Androidos_flocker.a and short for “Frantic Locker”) was first identified on mobile phones in 2015, but has recently migrated to smart TVs, Trend Micro said.

As ransomware, it is able to lock smartphones by encrypting the contents and demanding that users pay to have their data released.

“There is no major difference between a FLocker variant that can infect a mobile device and one that affects smart TVs. To avoid static analysis, FLocker hides its code in raw data files inside the ‘assets’ folder. The file it creates is named ‘form.html’ and it looks like a normal file,” said Trend Micro.

The company has collected over 7 000 variants of the malware and said that the author has rewritten the code several times to avoid detection and improve its routine.

Ransom demand

READ: Here's how ransomware hits SA

Within 30 minutes after infecting a device, FLocker begins background operations where it requests admin privileges. If denied, it will freeze the screen, faking a system update.

“The C&C [command and control] then delivers a new payload misspelled.apk and the ‘ransom’ HTML file with a JavaScript (JS) interface enabled. This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page,” Trend Micro said.

The latest version of FLocker masquerades as a cyber security agency, demanding $200 worth of iTunes gift cards.

Trend Micro also said that the malware is location aware. It deactivates itself if it detects its location as Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia and Belarus.

READ: How ransomware has cost Fin24 users thousands

Experts expect ransomware attacks to escalate as cyber criminals eye lucrative returns.

“These attacks are going after anyone with money, and of course the banking account is the obvious place to focus your attention as an attacker. Wealthier banking clients are increasingly being sifted out from the rest of us,” Gerhard Oosthuizen, chief information officer of Entersekt, told Fin24.

“A number of big cases have come up with hospitals and even police stations paying the ransom to unlock their business critical data. We foresee that this trend will continue,” he added.

To remove FLocker from smart TVs, users should contact the manufacturer or attempt Android Debug Bridge debugging by connecting the TV to a PC.


- Follow Duncan on Twitter

We live in a world where facts and fiction get blurred
Who we choose to trust can have a profound impact on our lives. Join thousands of devoted South Africans who look to News24 to bring them news they can trust every day. As we celebrate 25 years, become a News24 subscriber as we strive to keep you informed, inspired and empowered.
Join News24 today
heading
description
username
Show Comments ()
Rand - Dollar
18.92
+0.1%
Rand - Pound
23.88
+0.1%
Rand - Euro
20.38
+0.2%
Rand - Aus dollar
12.32
+0.2%
Rand - Yen
0.13
+0.1%
Platinum
908.05
0.0%
Palladium
1,014.94
0.0%
Gold
2,232.75
-0.0%
Silver
24.95
-0.1%
Brent Crude
87.00
+1.8%
Top 40
68,346
0.0%
All Share
74,536
0.0%
Resource 10
57,251
0.0%
Industrial 25
103,936
0.0%
Financial 15
16,502
0.0%
All JSE data delayed by at least 15 minutes Iress logo
Company Snapshot
Editorial feedback and complaints

Contact the public editor with feedback for our journalists, complaints, queries or suggestions about articles on News24.

LEARN MORE
Government tenders

Find public sector tender opportunities in South Africa here.

Government tenders
This portal provides access to information on all tenders made by all public sector organisations in all spheres of government.
Browse tenders