Android Ransomware Infects Smart TV on Christmas Day

December 28, 2017 2:34 pm David Bisson

Android ransomware spoiled one family’s holiday season by infecting their new smart TV right on Christmas Day.

Software engineer Darren Cauthon came across the infection after one of his family members told him their new LG smart television set was behaving strangely.

As he said in a response to his tweet announcing the infection:

“They said they downloaded an app to watch a movie. Halfway thru movie, tv froze. Now boots to this.”

It’s unclear which app the family member downloaded and whether they downloaded it from an official app store. The infected TV was one of the last LG models that ran Google TV, a platform developed by Google in collaboration with Intel, Sony, and Logitech in 2010 and abandoned four years later. Cauthon’s relative might have used Google TV to find and download the infected app from Google’s Play Store.

As reported by Bleeping Computer, it appears the TV suffered an infection at the hands of FLocker, also known as Frantic Locker or Dogspectus. It’s a version of the Cyber.Police ransomware, of which Trend Micro’s researchers have found more than 7,000 variants since it first appeared in May 2015. Those include one sample that demanded 200 USD in iTunes gift cards from its victims.

In this infection, FLocker is asking for 500 USD in ransom. Cauthon doesn’t want to meet that demand, so he’s hoping to find a way to restore the smart TV to its factory default settings.

Whether an infection occurs on a mobile device or a smart TV, ransomware developers leverage the same techniques to trick users into downloading their software. One time-honored tactic is to reverse-engineer legitimate apps, modify them with ransomware, and make them available for download on third-party app marketplaces.

Given the persistence of this technique, users should download apps only from official app marketplaces such as Google’s Play Store and Apple’s App Store.