Niet alleen uw personal computer en smartphone zijn gevoelig voor ransomware aanvallen. TrendMicro onderzoekers zojuist onthulde dat je Android-TV ook is blootgesteld aan het risico te worden afgesloten en onbruikbaar totdat er een losgeld wordt betaald.
De bedreiging, dubbed FLocker (initially detected as ANDROIDOS_FLOCKER.A and short for Frantic Locker) has been around since May 2015. Echter, one version of several thousand variants has now been updated to attack smart TVs.
Meer Android Malware to Keep Away from
How Does FLocker’s Android Smart TV Version Infect Devices?
TrendMicro’s research doesn’t exactly indicate how a smart TV would be attacked. Echter, it’s highly likely that the attack is triggered by SMS or malicious links.
As with other screen lockers, FLocker will lock the screen of the targeted device and will display a ransom message written in the local language. The message would be from US Cyber Police or another similar institution.
The ransomware demanded by FLocker is not in Bitcoins but in… iTunes gift cards. The ransomware operators want to receive $200 in gift cards to unlock the device. In feite, the ransomware’s actions match those of smartphone lockers.
A curious fact is that the threat will not attack devices located in any of these countries: Kazachstan, Azerbeidzjan, Bulgarije, Georgia, Hongarije, Oekraïne, Rusland, Armenië, and Belarus. Bovendien, if FLocker gets installed on a device in any of these regions, it will “stand still” for 30 minutes and then will request device admin privileges. If the request is rejected, the threat will display a fake system update screen.
Even though FLocker locks the screen of the devices, it will not encrypt any files. Niettemin, it will harvest information from (en over) het apparaat.
How to Remove FLocker from Affected Devices
Tech-savvy users can uninstall the ransomware but not before they remove its device admin privileges.
TrendMicro’s piece of advice:
We suggest user to contact the device vendor for solution first if their Android TV gets infected. Another way of removing the malware is possible if the user can enable ADB debugging. Users can connect their device with a PC and launch the ADB shell and execute the command “PM clear %pkg%”. This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app.