Flocker Ransomware Crosses to Smart TV


If you are sharing same network for number of devices then you need to cross check. If any one of the device gets infected by malware, it can spread to entire devices connected to the network. Flocker is one such recently detected ransomware that is capable to locking Android smartphones as well as Smart TVs as well. Police Trojan has been detected as most recent variant of Flocker Ransomware that uses trick creating panic among the users and making the victim demanding ransom. It generates warning messages claiming to be US Cyber Police and other Law Enforcement Agency. It further claims that the following users are found guilty of violating laws and have been victim of some crimes demanding 200 USD worth of iTunes gift cards. On carrying out research analysis, hardly any major differences can be found between variants that infects Android mobile phones and Smart TV

Research & Analysis of Flocker Ransomware

Flocker Ransomware is so nasty that it hides its code within raw data files in the “assets” folder having “form.html” as file name. Thus it appears to be quite normal file and it easily escapes detection when static code analysis is performed. However, as soon as the ransomware executes its malicious codes by decrypting “form.html” the files get locked. The first thing which Flocker Ransomware does, it detects the location of the device if it is executed for the first time. So this malware is region specific and does not infect devices of Eastern European Countries and areas around the vicinity. This makes it quite unique in its action. If it detects the device is located in the Countries like Georgia, Ukraine, Bulgaria, Azerbaijan, Kazakhstan, Russia etc, it does not infect the devices and deactivates its codes. However, if the targeted device does not belong to these locations and is preferably of different location then it is most vulnerable for Flocker Ransomware attack. It waits until 30 minutes to fully activate itself by running and executing its Routine. Thereafter, it seeks admin privileges of the device by initiating the background services. This is nothing but the trick to trap users and make them victim for paying ransom. As soon as the request is denied by the user, the device freezes requiring for update.

Resource: http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/