Smart devices are great. Until they’re not. Like when your smart TV is infected with DNS hijacking malware and refuses to do what it’s actually supposed to do, which is to let you watch TV.
That’s the situation that a Reddit user found on his sister’s smart TV recently, reporting that after hitting a specific domain with the Web browser built into the TV, a pop-up appeared on the screen. The pop-up warned that the site the user was trying to visit contained malware and might be able to steal or delete data from the TV. The dialog box also encouraged the user to call a phone number “for technical support.”
The malware prevented the user from taking going to any other sites or doing anything else on the device. This is a common tactic on PCs and is sometimes related to ransomware infections that demand money in order to free up the computer. Now these malware infections are beginning to show up on non-PC devices.
Researchers at Kaspersky Lab took a look at the infection method and whether the malware specifically targeted TVs or would infect other devices, as well. They quickly discovered that the domain used to infect the TV was offline but some others associated with it were still online, hosted on Amazon domains. They eventually found the original HTML file used in the infection and discovered some Javascript that selected the phone number to display to the user based on the geographic location. That script had been posted online in July 2015.
Now these malware infections are beginning to show up on non-PC devices.
The researchers loaded the malware file onto a PC and got a similar infection and dialog as appeared on the Reddit thread.
“We also ran the file on a Samsung Smart TV and got the same result. It was possible to close the browser, but it did not change any browser or DNS settings. Turning it off and on again solved the problem as well. It is possible that other malware was involved in the case reported on Reddit, that changed the browser or network settings,” Dirk Kolberg of Kaspersky Lab wrote in an analysis of the malware.
Many smart devices, including TVs, run a version of Android, an operating system that attackers are familiar with and understand well. As more and more devices that aren’t general purpose computing devices, such as TVs, appliances, or cars, become connected, attackers and scammers are taking notice and adapting their tactics to them.
Photo from Flickr stream of Jan Ramroth.
