14 DAY TRIAL // Virus makers are evolving along with the times, and have adopted classic desktop malware to target and infect new technology, like smart TVs, as Kaspersky Labs researchers discovered.
It all started when a Reddit user complained that his sister got a virus on his smart TV, something he described as a DNS hijacker. In this particular case, every time he would open his smart TV's Web browser, a popup message would appear, asking the user to call a number to fix his malware problem. Often referred to as browser ransomware, this is a cross between scareware, tech support scams, and ransomware, which make the user's browser unusable.
Since security researchers rarely see complex malware on smart TVs, and most of the times it arrives there by accident, targeting the TV's underlying Android OS, the OS used with most smart TVs, Kaspersky's staff had to analyze the case.
Their investigation led them back to a series of domains, employed in the past to spread various other malware, already blacklisted in their company's Kaspersky Web Protection product.
They also managed to track down part of the ransom message to some source code snippets uploaded to the ddecode.com and PasteBin websites. Putting these snippets together, they managed to reconstruct the malware's malicious JavaScript code that gets executed in the browser and shows the annoying popup.
TV browser hijacker tracked down to an older desktop threat
Researchers tested and accurately reproduced the Reddit user's browser hijacker on both an XP machine and on an LG smart TV.
According to Kaspersky's Dirk Kollberg, the malware used JavaScript to display a malware warning on the page's background, a popup on top, and selected a different phone number based on the user's geographical location.
He also said that the malware was incomplete since it lacked the features to persist on the TV between browser restarts, like the original threat mentioned on Reddit. "It is possible that other malware was involved in the case reported on Reddit, that changed the browser or network settings," Mr. Kollberg said.
Kaspersky reports that this type of malware behavior, involving browser hijacking and a tech support scam, was previously seen targeting Apple MacBooks users in the past.
This shows that malware authors are now actively targeting smart TV users, even if not with uniquely designed malware, or with the same voracity as with other platforms.
