SecurityBrief Asia

Listen up: Android.Lockdroid.E ransomware makes victims speak out loud

13 Mar 2017

Android users are being targeted in a new type of ransomware attack that uses speech recognition as the unlock code method.

Symantec Security Response uncovered the Android.Lockdroid.E variant last month, which uses speech recognition APIs as its only method of allowing users to enter unlock codes. Users must speak the code instead of typing it in.

The ransomware attacks Android devices by using a SYSTEM window that displays the ransom note, written in Chinese. The note provides a QQ instant messaging ID as the contact method for instructions, ransom payment and the unlock code, Symantec says.

Because the device is locked, users must use another device to contact the cybercriminals. What sets Android.Lockdroid.E apart, however, is a button that triggers the microphone and starts speech recognition.

That recognition is able to detect spoken words and use heuristic methods to compare them with the expected unlock code. If it detects a match, the lock screen is then disabled.

The ransomware, however, stores the encoded lock screen image and unlock code in one of its Assets files.

Symantec says this ransomware method isn’t very effective, as users must still use another device to contact the attackers. However, it does show that the attackers are experimenting with different ransom techniques.

According to Symantec, previous variants have used a 2D barcode ransom demand, which required the victim to scan the code with another device and then log into a messaging app, making it difficult for attackers to place ransom and for victims to pay it.

So far this ransomware has been most prevalent in China, Symantec says. 

Symantec recommends that Android users:

  • Keep software up to date
  • Only install apps from trusted sources - do not download apps from unfamiliar sites
  • Scrutinise app permissions
  • Use mobile security
  • Back up important data regularly