Android Ransomware now targets your Smart TV, Too!
Do you own a Smartwatch, Smart TV, Smart fridge, or any Internet-connected smart device?

If your answer is yes, then you need to know the latest interest of the cyber criminals in the field of Internet of Things.


After targeting hospitals, universities, and businesses, Ransomware has started popping up on Smart TV screens.

A new version of the Frantic Locker (better known as FLocker) Ransomware has now the ability to infect and lock down your Smart TVs until you pay up the ransom.

Researchers at Trend Micro have discovered the updated version of FLocker that is capable of locking Android smartphones as well as Smart TVs.

Originally launched in May 2015, the FLocker ransomware initially targeted Android smartphones with its developers constantly updating the ransomware and adding support for new Android system changes.

Here's what the new version of FLocker does to your Android-powered Smart TVs:

  • FLocker locks the device's screen.
  • Displays a fake notice from United States Cyber Police or other law enforcement agency, accusing potential victims of crimes they did not commit.
  • Demands $200 worth of iTunes gift card as Ransom to unlock the infected TV.
Trend Micro says the malware is configured to deactivate itself in some regions including Russia, Bulgaria, Hungary, Ukraine, Georgia, Kazakhstan, Azerbaijan, Armenia, and Belarus.

However, if FLocker detects devices outside these countries, the malware will wait for 30 minutes before requesting admin privileges for the device. If the victim rejects the request, FLocker freezes the screen, faking a system update.

"The C&C [command and control] then delivers a new payload misspelled.apk and the 'ransom' HTML file with a JavaScript (JS) interface enabled," Trend Micro said. "This HTML page has the ability to initiate the APK installation, take photos of the affected user using the JS interface, and display the photos taken in the ransom page."

Although the new variant of FLocker does not encrypt files on the infected device, it has the capability of stealing data from the device, including contacts, the phone number, device information and location data.

Trend Micro's report does not make it clear that how FLocker infects smart TVs, but it does note that typically ransomware infection arrives via SMSes or malicious links.

Therefore, you should be wary while browsing the Internet, and receiving text messages or emails from unknown sources.

How to Remove FLocker from Your Smart TV?

Moreover, if your Android smart TV gets infected, you should contact the device vendor (phone carrier or TV merchant), or if you are kind of technical, you can remove the ransomware after removing its device admin privileges.

"Users can connect their device with a PC and launch the ADB shell and execute the command 'PM clear %pkg%'," Trend Micro said. "This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app."

This isn't the first time when ransomware has targeted Smart TVs. In the past, it was evident how smart TV got attacked with the ransomware also Internet of Things devices being remotely controlled by the attacker.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.