Ransomware is quickly becoming a favorite tool among financially-motivated hackers as it offers the opportunity for a quick payout without the risks associated with identity theft. But as security researchers work to improve defenses, cyber attackers are also busy looking for new outlets of infection.
As it turns out, the latest device ripe for an attack may be sitting in your living room.
Trend Micro has been tracking a piece of ransomware called FLocker (short for Frantic Locker) since it first debuted in May 2015. The security firm said in a recent report that it has gathered more than 7,000 variants in its sample bank, as the author has continuously rewritten the code in an effort to avoid detection and improve its effectiveness.
FLocker is an Android mobile lock screen ransomware that locks users out of their device, only allowing them back in if a ransom is paid.
Based on its analysis of the latest version of FLocker, Trend Micro concludes that it can infect both a mobile device and a smart TV. Interestingly enough, when launched for the first time, FLocker checks whether the device is located in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia or Belarus. If it detects the device is in any of these nations, it deactivates itself.
Otherwise, after a half-hour wait, it begins the process of locking the device down by requesting admin privileges. Trend Micro says it then connects to a command and control server to deliver a payload. It can even take photos of the user and display captured images on the ransom page.
Fortunately, users can connect an infected device to a PC, launch the ADB shell and execute the command “pm clear %pkg%”, which kills the ransomware process and unlocks the screen. Trend Micro advises less tech-savvy users to contact their device manufacturer for assistance.
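The cleanup step above, wrapped in basic safety checks, as an added example that is not from Trend Micro's report. It assumes adb is on the PATH, that USB debugging was already enabled and the PC authorized, and that the user picks the locker's package (the %pkg% placeholder) from the listing; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: guarded wrapper around `pm clear %pkg%` (helper names are hypothetical).
# Assumes adb is on PATH and USB debugging is enabled on the locked device.

# Accept only well-formed Android package names (two or more dot-separated
# segments), so nothing unexpected is passed through to the device shell.
valid_pkg() {
    case $1 in
        ''|*[!A-Za-z0-9_.]*) return 1 ;;
    esac
    printf '%s\n' "$1" | grep -Eq '^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$'
}

# List user-installed (third-party) packages so the locker can be identified.
list_third_party() {
    adb shell pm list packages -3 | tr -d '\r' | sed -n 's/^package://p' | sort
}

# Clear one package's data and stop its process, then confirm the result.
clear_pkg() {
    pkg=$1
    valid_pkg "$pkg" \
        || { echo "refusing: '$pkg' is not a package name" >&2; return 2; }
    [ "$(adb get-state 2>/dev/null | tr -d '\r')" = "device" ] \
        || { echo "no authorized device attached" >&2; return 3; }
    list_third_party | grep -Fxq "$pkg" \
        || { echo "'$pkg' is not an installed third-party package" >&2; return 4; }
    out=$(adb shell pm clear "$pkg" | tr -d '\r')
    [ "$out" = "Success" ] || { echo "pm clear failed: $out" >&2; return 5; }
    echo "cleared $pkg"
}

# With no argument the file only defines the functions (it can be sourced);
# with a package name it clears that package.
case "${1:-}" in
    "") : ;;
    *)  clear_pkg "$1" ;;
esac
```

Run `list_third_party` first and compare the output against the apps installed shortly before the lock screen appeared.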