Even judging from as simple a metric as how often we cover it at Digital Trends, it’s clear that ransomware is becoming increasingly widespread, and as a result, increasingly dangerous. Keeping your antivirus up to date and avoiding suspicious websites certainly helps, but as the public becomes more aware of the problem, malware creators are becoming more creative when it comes to how they manage to ensnare users.
Ransomware has already moved beyond computers, with a particular variety known as FLocker taking over Android-powered smartphones in an attempt to raise money from those whose phones it infects. And now, the latest variant of that same malware is spreading to Android-powered smart TVs, according to a report from Trend Micro.
FLocker (short for “Frantic Locker”) first surfaced in May 2015, taking over Android lock-screens. Though it was quickly identified, the malware’s author continued to tweak and rewrite it in order to avoid detection. Trend Micro has gathered more than 7,000 unique variants since the malware first appeared, and in the past few months, the number of new versions has skyrocketed, with 1,200 appearing in April alone.
The latest version of the ransomware acts as a U.S. Cyber Police or other law enforcement agency, accusing the victim of crimes and demanding payment. The fact that it demands this payment in the form of $200 worth of iTunes gift cards should provide a clue that this message isn’t actually legitimate. When the malware first runs, it checks to see if the user is located in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, or Belarus, and deactivates itself if it finds that is the case.
When FLocker begins to run on the affected device, it immediately requests permission to run. If the user denies this, it locks the screen, trying to make it appear as if a system update is running. So far it doesn’t seem as if many reports exist of the malware affecting smart TVs in the wild, but Trend Micro’s findings show that it is indeed possible.
Less tech-savvy users will likely want to contact their device’s vendor for support, though for those more familiar with the ins and outs of Android, another solution is available. After connecting to the device from a PC via ADB, users can execute the command “PM clear %pkg%” to unlock the screen and halt the ransomware from running, after which they can revoke the ransomware’s privileges and uninstall it.
