As seen on Android smartphones, FLocker or Frantic Locker, a ransomware, is now on TV. The malware is reported to lock down users' Android TVs and demand payment in iTunes gift cards.
Trend Micro reported on its blog that a marginally different strain of the FLocker ransomware is now infecting Android TVs. The ransomware is reported to initially check whether it's infected a device in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia or Belarus. If so, then FLocker deactivates itself.
If not, then FLocker waits 30 minutes before starting its routine. Trend Micro has highlighted the finer details of what happens next in the blog post. However, once infected, the ransomware locks the user's device and pretending to be a law enforcement agency, accuses users of online crime and demands payments in iTunes gift cards.
While most ransomware ask users to make payments through cryptocurrency like Bitcoin, FLocker requires users to enter a fresh iTunes gift card number into a dialogue box.
FLocker has been reported to ask for administrator privileges and can lock devices only when granted. However, if access isn't given to the ransomware, then it freezes the screen, faking an update. It also launches the attack by installing an APK file called "mispelled."
Apparently the ransomware's creator has been subtly rewriting the malware's code to create multiple versions to improve its working and to prevent detection. Apparently, since the malware's release in May 2015, Trend Micro has over 7,000 variants in its database, with over 1,200 coming in April this year.
Trend Micro recommends that users contact their device manufacturer for assistance and check whether they have developed a fix. More advanced users are advised to connect the device to a PC and enable ADB debugging. When the command "PM clear %pkg%" is executed through the ADB shell, users can revoke the admin privileges and unistall the mispelled APK.