After bugging smartphones and other devices, a mobile lock-screen ransomware is now threatening Android-powered Smart TVs, security software company Trend Micro International said on Wednesday. Ransomware is a type of malware that renders the victim’s computer or specific files unusable and demands a ransom from the victim in return for a cryptographic key which can be used to restore the computer or decrypt the encrypted files.
The latest variant of “FLocker” is a police Trojan that pretends to be US Cyber Police or another law enforcement agency. It accuses victims of crimes they didn’t commit and then demands $200 worth of iTunes gift cards. “If ‘FLocker’ reaches a compatible target, it waits for 30 minutes after infecting the unit before it runs the routine. After the short waiting period, it starts the background service which requests device admin privileges immediately,” Trend Micro official said in a statement. “We consider it as a trick to bypass dynamic sandbox. If the user denies this request, it will freeze the screen faking a system update,” the report added.
When the malware runs, it decrypts “form.html” and executes the malicious code. When entering a device for the first time, it checks its location. If the device locates itself in eastern European counties, the malware automatically deactivates itself. To remove the malware, the users can contact their device vendor as well as enable ADB debugging.
Users can also connect their device with a PC and launch the ADB shell and execute the command “PM clear %pkg%”. This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app.