Mobile malware capable of locking down smartphones has made its way to smart TVs, a security company has revealed.<\/p>\n
FLocker (detected as Androidos_flocker.a and short for \u201cFrantic Locker\u201d) was first identified on mobile phones in 2015, but has recently migrated to smart TVs, Trend Micro said.<\/p>\n
As ransomware, it is able to lock smartphones by encrypting the contents and demanding that users pay to have their data released.<\/p>\n
\u201cThere is no major difference between a FLocker variant that can infect a mobile device and one that affects smart TVs. To avoid static analysis, FLocker hides its code in raw data files inside the \u2018assets\u2019 folder. The file it creates is named \u2018form.html\u2019 and it looks like a normal file,\u201d said Trend Micro.<\/p>\n
The company has collected over 7 000 variants of the malware and said that the author has rewritten the code several times to avoid detection and improve its routine.<\/p>\n
Ransom demand<\/strong><\/p>\n Within 30 minutes after infecting a device, FLocker begins background operations where it requests admin privileges. If denied, it will freeze the screen, faking a system update.<\/p>\n \u201cThe C&C [command and control] then delivers a new payload misspelled.apk and the \u2018ransom\u2019 HTML file with a JavaScript (JS) interface enabled. This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page,\u201d Trend Micro said.<\/p>\n The latest version of FLocker masquerades as a cyber security agency, demanding $200 worth of iTunes gift cards.<\/p>\n Trend Micro also said that the malware is location aware. It deactivates itself if it detects its location as Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia and Belarus.<\/p>\n Experts expect ransomware attacks to escalate as cyber criminals eye lucrative returns.<\/p>\n \u201cThese attacks are going after anyone with money, and of course the banking account is the obvious place to focus your attention as an attacker. Wealthier banking clients are increasingly being sifted out from the rest of us,\u201d Gerhard Oosthuizen, chief information officer of Entersekt, told Fin24.<\/p>\n \u201cA number of big cases have come up with hospitals and even police stations paying the ransom to unlock their business critical data. We foresee that this trend will continue,\u201d he added.<\/p>\n To remove FLocker from smart TVs, users should contact the manufacturer or attempt Android Debug Bridge debugging by connecting the TV to a PC.<\/p>\n Fin24<\/a><\/p>\n Worst financial malware in SA<\/a><\/strong><\/p>\nMore on malware<\/h3>\n