So imagine this - you're trying to catch up on episodes of "Luke Cage" on Netflix. So far, so good. Popcorn in hand, you're chilling and bingeing with your awesome giant smart TV - not a bad way to spend a weekend, huh?
Suddenly, like a scene out of a bad horror movie, Netflix and "Luke Cage" stops. Screen goes dark momentarily, the remote control is inexplicably not working. What's wrong? Now your Smart TV's screen flickers back and wait, what? A message is displayed and your TV is accusing you of criminal activities you haven't done.
Oh no! It's from the CYBER POLICE and your device has been locked because "all actions are illegal, are fixed (sic)." The message demands that you pay the fine of $200 worth of iTunes gift card codes before its countdown timer runs out or "the case file is transferred to the court."
What will you do?
This is the scenario that's hitting Android-powered smart TVs now that a variant of the Frantic Locker (Flocker) ransomware has started crossing over from Android smartphones. The Flocker ransomware was first discovered by infecting Android smartphones around May 2015 and reports of it targeting Android smart TVs surfaced in June of this year.
The Android TV software, Google TV, runs on quite a few smart TV models like the Bravia line from Sony and Aquos from Sharp.
Once the ransomware hits your TV, it remains dormant for 30 minutes before activating itself to lock the target TV.
It also checks if the TV is located in the following Eastern European countries: Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia and Belarus. If it detects that it is located in any of these locations, it deactivates itself.
How to prevent your TV from getting infected
Frantic Locker spreads via spam text messages and malicious web links. To avoid getting your Android TV infected, be careful when visiting websites using the built-in TV web browser.
Checking email and clicking unknown links through your TV can also put it at risk.
What to do if your Android TV gets victimized
The good news is Flocker does not encrypt files, it simply locks the TV screen. Please do not pay the iTunes ransom.
One way to clear the ransomware infection is to connect the TV to a computer via USB and open the Android Debug Bridge option. With the debug bridge open, run the command "PM clear %pkg%."