This week, a Reddit user with the username “moeburn” raised the possibility of new malware circulating for Smart TVs:
My sister got a virus on her TV. A VIRUS ON HER GODDAMN TV.
It was an LG Smart TV with a built-in web browser, and she managed to get a DNS Hijacker that would say “Your computer is infected please send us money to fix it” any time she tried to do anything on the TV.
Kaspersky Lab took up the case to determine whether this threat was targeting connected TVs specifically or whether it was just an accidental infection on that one TV. Trying to reach the web page named in the URL from the photograph did not work: the domain name did not resolve to any IP address at the time the Kaspersky researchers started their investigation.
The researchers used their favorite search engine and found numerous hits when searching for the domain.
“Besides the host ‘ciet8jk’ (ciet8jk.[maliciousdomain].com), 27 other hosts have been assigned to that domain name and pointed to the same IP address,” states Kaspersky Lab.
The domain in question, ***-browser-alert-error.com, was registered on August 17, 2015.
The scam is believed to have been up and running for only a couple of days; the researchers at Kaspersky Lab believe that the snapshot from the TV is almost 4 (four) months old.
Such attacks are nothing new, so Kaspersky began searching for a server that might still be online to see exactly what the page tries to do.
Unfortunately, Kaspersky could not find a live web page from that source, but while searching for the alert message shown in the photograph, they discovered similar domains used for the same scam.
There is no answer from the server, although the last website listed is still online. All the URLs mentioned have been blocked by Kaspersky “Web Protection” for a while.
Interestingly, every IP address is linked with Amazon’s cloud (54.186.x.x, 54.148.x.x, 52.24.x.x).
Although they used different providers to register the domain, they chose to host the malicious pages in the cloud. This might be because it provides another layer of anonymization, because it is cheaper than other providers, or because they were unsure about the traffic and needed something more scalable.
Still unable to find a live web page, Kaspersky kept searching for parts of the message, and one hit took them to HexDecoder from ddecode.com. This is a web page that deobfuscates scripts or entire web pages. Surprisingly, all previous decodings were saved and are publicly accessible.
On July 29th 2015, the JavaScript that selects the telephone number was published on Pastebin, and it includes all the comments that were also present in the sample Kaspersky got from HexDecoder. This is another indicator that this is not a new threat.
Using the right sample, Kaspersky Lab was later able to get almost the same result as the one shown on the user’s Smart TV screen.
A pop-up dialog appears as soon as the page opens, and the page loads in any browser. It works equally well on Windows XP, and if one tries to close the pop-up, it comes right back.
The Kaspersky team got the very same result when they ran the script on an LG Smart TV. It was possible to close the browser, and the script did not change any DNS or browser settings. Turning the TV off and on again also resolved the issue. It is possible that other malware, which changed the network or browser settings, was involved in the case described on Reddit.
Remember that you should never call those numbers! You may be charged by the minute, or someone on the other end may direct you to download and install even more malware onto your device.
So in this specific case, it is not a new kind of malware specifically targeting Smart TVs, but a common threat to all internet users. There are also reports that this scam has hit users on Apple MacBooks; and since it runs in the web browser, it can run on Smart TVs and even on smartphones.
These kinds of threats are often combined with exploits and may take advantage of vulnerabilities in Flash Player, Java or the browser. If successful, they may run additional malware on the device or change the DNS settings of your system or home router, which may lead to similar symptoms.
Such behavior could not be observed in this case, since the malicious pages had already been removed.
Remember, there may be vulnerabilities in your TV software! It is therefore important to check whether your device is up to date. Make sure you have installed the latest updates for your Smart TV! Some vendors apply updates automatically, while others leave it to the user to trigger the update manually.
There is malware that works on Smart TVs, but it is not really “in the wild” right now. There are a few reasons why criminals focus on PC and smartphone users rather than Smart TVs.
Keep in mind, however, that it is possible, for instance, to install an application from a USB stick. If your TV runs Android, a malicious app designed for an Android smartphone may even work on your TV.
In short, this case is not malware specifically targeting Smart TVs, but be aware that such websites, as with phishing in general, work on any OS you are using.
Author Bio:
Ali Qamar is an Internet security research enthusiast who enjoys “deep” research to dig out modern discoveries in the security industry. He is the founder and chief editor at Security Gladiators, an ultimate source for cyber security. To be frank and honest, Ali started working online as a freelancer and still shares the knowledge for a living. He is passionate about sharing the knowledge with people, and always tries to give only the best. Follow Ali on Twitter @AliQammar57
(Security Affairs – Smart Tv, malware)