FLocker ransomware has been found infecting users’ smartTVs, but there is a fix.

When FLocker ransomware was first uncovered back in the spring of last year, Android phone consumers were warned about its potential for harm. But new findings from Trend Micro have discovered one of FLocker’s 7,000 variants have made their way to smart TVs running Android.


Part of the issue at hand is the multi-device/lone platform system that so many consumers prefer. If you’re used to one operating system and you know your way around the various menus, it stands to reason you’d stick with a similar construct when choosing another device. But this multi-connection is thought to be at least partly to blame for Android-based phone users now finding their smart TVs held for ransom.

Interestingly, one of the variants is masquerading as a warning from law enforcement, claiming that the individual has been caught doing illegal activities with his phone or TV. In order to unlock the device and address the “criminal charges,” the victim must pay a $200…in the form of iTunes gift cards. Because all government transactions are conducted through in-app purchases?

Another interesting aspect to the latest round of FLocker attacks is how it’s able to pinpoint the location of the TV and opt not to install if it’s located in certain countries. Devices located in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, or Belarus seem immune, according to some reports, as the ransomware deactivates itself.

For now, affected users are instructed to contact their televisions’ manufacturers in order to coordinate removal of the ransomware, although more tech-savvy users can try to go it alone. According to a post by Trend Micro’s Echo Duan, “Another way of removing the malware is possible if the user can enable ADB debugging. Users can connect their device with a PC and launch the ADB shell and execute the command ‘PM clear %pkg%’. This kills the ransomware process and unlocks the screen. Users can then deactivate the device admin privilege granted to the application and uninstall the app.”