In a comment on Reddit this week, user “moeburn” raised the possibility of new malware circulating for Smart TVs:

My sister got a virus on her TV. A VIRUS ON HER GODDAMN TV.

It was an LG Smart TV with a built in web browser, and she managed to get a DNS Hijacker that would say “Your computer is infected please send us money to fix it” any time she tried to do anything on the TV.

The Reddit post included this image:

If a TV can surf the web, it can be hijacked or pick up malware. It’s a little tougher to make malware stick to smart TV browsers, but while the commenter’s outrage might be warranted, shock isn’t.

SecureList dug into this hijacker and has both good news and bad news. The good news is this particular version was only live for a few days and disappeared more than four months ago. The bad news is that there’s nothing particularly unique about the attempted hijacking. Multiple domains served as hosts for the malware, including a handful at Amazon’s cloud services.

It’s not a new threat, but spotting it on a smart TV is rather novel. SecureList chased down other versions of the same scammy Javascript — which prompts people to call a phone number to “protect” their TV from malware — including this fantastic bit of non-native English that both impersonates a Chrome warning page and suggests your TV is now a portal to a vast selection of retail outlets.


Fortunately, it appears this hijacking can be easily dodged. Even though the code prevents browsers from closing the dialog box (it will just pop up again), the threat can be nullified in other ways.

We also ran the file on a Samsung Smart TV and got the same result. It was possible to close the browser, but it did not change any browser or DNS settings. Turning it off and on again solved the problem as well. It is possible that other malware was involved in the case reported on Reddit, that changed the browser or network settings.

As SecureList points out, it’s not a smart TV-directed threat. It’s just something that will attack any browser on any device. Other variants may change browser settings or attempt to dump a malware payload, but this one appears incapable of doing so. And while it’s only a matter of time before this becomes more widespread, there are a number of factors limiting attacks on smart TVs.

  • Smart TVs are not often used to surf the web and users seldom install any app from web pages other than the vendor’s App Store – as it is the case with mobile devices
  • Vendors are using different operating systems: Android TV, Firefox OS, Tizen, WebOS.
  • Hardware and OS may even change from series to series, causing malware to be incompatible.
  • There are by far fewer users surfing the web or reading email on the TV compared to PCs or mobile devices.

But this is coupled with more bad news: if it has a browser, it can be attacked. Someone’s going to end up with a “ransomed” TV at some point… or a fridge… or anything else a manufacturer has decided would be more attractive to consumers with added connectivity.

Related Articles