Story image

Listen up: Android.Lockdroid.E ransomware makes victims speak out loud

13 Mar 17

Android users are being targeted in a new type of ransomware attack that uses speech recognition as the unlock code method.

Symantec Security Response uncovered the Android.Lockdroid.E variant last month, which uses speech recognition APIs as its only method of allowing users to enter unlock codes. Users much speak the code instead of typing it in.

The ransomware attacks Android devices by using a SYSTEM window that displays the ransom note, written in Chinese. The note provides a QQ instant messaging ID as the contact method for instructions, ransom payment and the unlock code, Symantec says.

Because the device is locked, users must use another device to contact the cybercriminals. However, the difference between Android.Lockdroid.E comes in the form of a button, which triggers the microphone and starts speech recognition. 

That recognition is able to detect spoken words and use heuristic methods to compare them with the expected unlock code. If it detects a match, the attackers then disables the lock screen. 

The ransomware, however, stores the encoded lock screen image and unlock code in one of its Assets files.

Symantec says this ransomware method is isn’t very effective as users must still use another device to contact the attackers, however it does show that the attackers are experimenting with different ransom techniques. 

According to Symantec, previous variants have used a 2D barcode ransom demand, which required the victim to scan the code with another device and then log into a messaging app, making it difficult for attackers to place ransom and for victims to pay it.

So far this ransomware has been most prevalent in China, Symantec says. 

Symantec recommends that Android users:

  • Keep software up to date
  • Only install apps from trusted sources - do not download apps from unfamiliar sites
  • Scrutinise app permissions
  • Use mobile security
  • Back up important data regularly
Hillstone CTO's 2019 security predictions
Hillstone Networks CTO Tim Liu shares what key developments could be expected in the areas of security compliance, cloud, security, AI and IoT.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.
Huawei founder publically denies spying allegations
“After all the evidence is made public, we will rely on the justice system.”
Malware downloader on the rise in Check Point’s latest Threat Index
Organisations continue to be targeted by cryptominers, despite an overall drop in value across all cryptocurrencies in 2018.
IoT breaches: Nearly half of businesses still can’t detect them
The Internet of Thing’s (IoT’s) rapid rise to prominence may have compromised its security, if a new report from Gemalto is anything to go by.