Ransomware, as we know it, is malware that locks up a computer's files and then tries to extort money from the victim in exchange for setting those files free. As this class of malware has evolved, there have already been recorded instances of Android phones being caught up in the action. And today, these unwanted programs have made their way into the living room, infecting the television.
A mobile ransomware called "FLocker" has been active for well over a year now, infecting mobile devices and tricking victims into paying a certain amount. However, recent research by Trend Micro has found a new variant of the malware that can infect smart TVs running the Android operating system.
The new variant pretends to be US Cyber Police or a similar law enforcement agency. With this, the ransomware accuses the victim of some crime they did not commit, then demands $200 worth of iTunes gift cards. "Based on our analysis, there are no major differences between a FLocker variant that can infect a mobile device and one that affects smart TVs," according to Trend Micro.
Once the malware is installed on a host device, it gains the ability to avoid static analysis. It then asks for admin privileges as soon as it is executed. If the user rejects the prompt, the malware freezes the television's screen. If administrative privileges are granted, FLocker connects to a command-and-control (C&C) server.
The C&C will then drop a new payload called "misspelled.apk" as well as the “ransom” HTML file with a JavaScript (JS) interface enabled. The HTML file reportedly has the ability to initiate installation of the APK file, take photos of the victim using the JS interface, and then display these images on the ransom page.
"While the screen is locked, the C&C server collects data such as device information, phone number, contacts, real time location, and other information," Trend Micro states. "These data are encrypted with a hardcoded AES key and encoded in base64."
Trend Micro suggests that victims contact the maker of their TV if they are infected. Moreover, the company suggests enabling ADB debugging, connecting the device to a PC, launching the ADB shell, and executing the command "pm clear %pkg%". According to the firm, this unlocks the screen and gives victims access to the Android interface. They can then deactivate the admin privileges granted to FLocker and finally uninstall the app, ridding the TV of the malware.
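The recovery steps above leave open which package to put in place of %pkg%. The following script is an added example, not code from Trend Micro: it lists user-installed apps that hold device-admin rights and then runs the clear, deactivate, uninstall sequence for a chosen package. The function names are hypothetical, and the parsing of `dumpsys device_policy` output is a heuristic assumption, since that format varies between Android versions.

```shell
#!/bin/sh
# Added example (not Trend Micro's code). Function names are hypothetical.
ADB="${ADB:-adb}"   # path to adb; the device must already be connected

# Package names of active device admins, from `dumpsys device_policy`.
# Heuristic (assumption): take every "pkg.name/Receiver" token in the dump.
admin_packages() {
    "$ADB" shell dumpsys device_policy | tr -d '\r' |
        grep -oE '[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)+/[A-Za-z0-9_.$]+' |
        cut -d/ -f1 | sort -u
}

# User-installed packages; `pm list packages -3` prints "package:<name>".
third_party_packages() {
    "$ADB" shell pm list packages -3 | tr -d '\r' |
        sed -n 's/^package://p' | sort -u
}

# Candidates for %pkg%: user-installed apps that hold device-admin rights.
lock_candidates() {
    tmp=$(mktemp) || return 1
    admin_packages > "$tmp"
    third_party_packages | grep -Fxf "$tmp" && rc=0 || rc=$?
    rm -f "$tmp"
    return "$rc"
}

# The article's sequence for one package: clear data, drop admin, uninstall.
recover() {
    pkg=$1
    # adb shell hands its arguments to a shell on the device, so accept
    # only characters that are valid in a package name.
    case $pkg in
        ''|*[!A-Za-z0-9_.]*) echo "bad package name: $pkg" >&2; return 2 ;;
    esac
    "$ADB" shell pm clear "$pkg" || return 1   # per the article, unlocks the screen
    printf 'Deactivate device admin for %s on the TV, then press Enter: ' "$pkg"
    read -r answer || :
    "$ADB" uninstall "$pkg"
}
```

Run `lock_candidates` first and review the list by hand before passing a name to `recover`, because legitimate user-installed apps can also hold device-admin rights.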
Source: Trend Micro via On The Wire