Watch out, FLocker Ransomware targets Android smart TVs
Once infected a device, the malware checks the user’s country to avoid infecting machines of Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, and Belarus.
The FLocker ransomware remains inactive for 30 minutes before running then it launched the background service which requests device admin privileges immediately. If the user doesn’t grant the admin privileges the FLocker ransomware will freeze the screen simulating a system updating.
At this point, the threat contacts C&C that in turn delivers a new APK file and the ransom note which starts the APK installation, takes photos of the infected device and displays the photos taken inside the ransom page. The note is written in the language used in the country of the infected device.
Trend Micro suggests victims to contact device vendors in case of infection, a second option is to enable ADB debugging and operate via the ADB shell in order to sanitize the device and kill the ransomware.
“If an Android TV gets infected, we suggest user to contact the device vendor for solution at first,” reads the analysis.
“Another way of removing the malware is possible if the user can enable ADB debugging. Users can connect their device with a PC and launch the ADB shell and execute the command ‘PM clear %pkg%’. This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app.”
(Security Affairs – FLocker ransomware, mobile)