FLocker (Frantic Locker) is an Android ransomware that has apparently "decided" to switch devices. The malware is now able to infect and lock smart TVs running the Android operating system.
The FLocker (Frantic Locker) ransomware appeared in May of 2015, and Trend Micro reports that 7,000 different variants have been detected, as its code continues to evolve.
In April of 2016 alone, Trend Micro reports that it detected over 1,200 variants of FLocker, and it observed visible overall growth in the malware.
Trend Micro has not confirmed it, but the screen asking for the ransom appears to be similar to the one used by the Cyber.Police (Dogspectus) ransomware. In April, at about the same time as this FLocker development, Blue Coat and Zimperium reported that Cyber.Police had acquired the ability to infect Android devices without requiring any user interaction.
The most recent development among FLocker's capabilities, according to Trend Micro, is that it can spread via spam SMS messages containing malicious links.
Once someone downloads the ransomware through these links, the malware lies dormant for 30 minutes. It does this to avoid virus scanning tools. The malicious code is hidden in an HTML file inside the "Assets" folder. This file hides a DEX file with the malicious routines.
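A defender-side triage check for the hiding technique described above, as an added example that is not part of the original article or of Trend Micro's analysis: it scans an APK's assets folder for files that claim to be text (such as HTML) but contain a DEX header or opaque, high-entropy data. The article does not say how the DEX is stored inside the HTML file, so both checks, the entropy threshold and the sample file names are assumptions.

```python
import hashlib
import io
import math
import zipfile
from collections import Counter

DEX_MAGIC = b"dex\n"      # DEX files begin with "dex\n0NN\0"
TEXT_EXTS = (".html", ".htm", ".js", ".css", ".txt")
ENTROPY_LIMIT = 7.0       # assumed threshold; ordinary HTML sits well below this

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def scan_apk_assets(apk_bytes: bytes) -> dict:
    """Return {asset name: [reasons]} for text-named assets that do not look like text."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            name = info.filename.lower()
            if not (name.startswith("assets/") and name.endswith(TEXT_EXTS)):
                continue
            data = apk.read(info)
            reasons = []
            if DEX_MAGIC in data:
                reasons.append("embedded DEX header")
            if len(data) >= 256 and entropy(data) > ENTROPY_LIMIT:
                reasons.append("high entropy for a text file")
            if reasons:
                findings[info.filename] = reasons
    return findings

def build_sample_apk() -> bytes:
    """Constructed archive: a normal page, a page with a fake DEX header, an opaque blob."""
    blob = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("assets/help.html", "<html><body>" + "hello world " * 50 + "</body></html>")
        z.writestr("assets/update.html", b"<html>" + b"dex\n035\x00" + bytes(64))
        z.writestr("assets/blob.html", blob)
        z.writestr("classes.dex", b"dex\n035\x00" + bytes(64))  # legitimate location, ignored
    return buf.getvalue()

if __name__ == "__main__":
    for asset, why in scan_apk_assets(build_sample_apk()).items():
        print(asset, "->", ", ".join(why))
```

A hit is a reason to inspect the file by hand, not a verdict: compressed or otherwise encoded content that is legitimate will also score as high entropy.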
After the first 30 minutes, FLocker starts its hostile behavior, asking the user to grant it admin rights. If the user refuses, FLocker freezes the screen with a fake system update message, to scare the user into giving it the required access.
When FLocker gains admin privileges, it starts talking to the C&C (command and control) server, from which it downloads another APK along with the ransom note, in HTML and JS format.
FLocker displays the ransom note across the screen and starts the second APK, which encrypts the device's files with an AES encryption key.
While FLocker hit only mobile devices in the past, recent versions have begun to encrypt data on smart TVs running Android OS.
Android OS as it runs on mobile devices differs from Android OS on smart TVs, so not all Android malware can necessarily run on both. Evidently, the scammers added this capability.
FLocker demands 200 dollars in iTunes gift cards from users and avoids running on devices located in the following countries: Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, and Belarus.