FLocker

One example of the FLocker variant.

Image Source: Trend Micro

FLocker, short for “Frantic Locker,” targets Android OS and is capable of encrypting files on Android-powered smart TVs. It is distributed through malicious links that are spread via SMS messages or encountered during internet browsing. These links lead to an Android application package (APK) file, which is downloaded to and infects the victim’s Android-powered device. Once the malicious APK has been installed, FLocker waits 30 minutes before taking any further action. After that half hour passes, FLocker begins prompting the victim to grant it administrative access to the device. If the victim declines, the screen freezes and displays a phony system update alert to trick the victim into giving the ransomware administrative access. Once it has obtained the escalated privileges, FLocker establishes communication with a C2 server to download an additional APK and a ransom note HTML file with an enabled JavaScript interface. The ransom note demands a payment of $200 USD in iTunes gift cards.

  • Trend Micro provides more information about FLocker here.
     
  • In the event of an infection, Trend Micro recommends contacting the device vendor for a solution. The victim can also enable ADB debugging, connect the device to a PC, launch the ADB shell, and execute the command “pm clear %pkg%” (where %pkg% stands for the package name of the malicious application) to kill the ransomware process and unlock the screen. Lastly, deactivate the administrator privileges granted to the malicious application and delete it.