Android users are being targeted in a new type of ransomware attack that uses speech recognition as the unlock code method.
Symantec Security Response uncovered the Android.Lockdroid.E variant last month, which uses speech recognition APIs as its only method of allowing users to enter unlock codes. Users much speak the code instead of typing it in.
The ransomware attacks Android devices by using a SYSTEM window that displays the ransom note, written in Chinese. The note provides a QQ instant messaging ID as the contact method for instructions, ransom payment and the unlock code, Symantec says.
Because the device is locked, users must use another device to contact the cybercriminals. However, the difference between Android.Lockdroid.E comes in the form of a button, which triggers the microphone and starts speech recognition.
That recognition is able to detect spoken words and use heuristic methods to compare them with the expected unlock code. If it detects a match, the attackers then disables the lock screen.
The ransomware, however, stores the encoded lock screen image and unlock code in one of its Assets files.
Symantec says this ransomware method is isn’t very effective as users must still use another device to contact the attackers, however it does show that the attackers are experimenting with different ransom techniques.
According to Symantec, previous variants have used a 2D barcode ransom demand, which required the victim to scan the code with another device and then log into a messaging app, making it difficult for attackers to place ransom and for victims to pay it.
So far this ransomware has been most prevalent in China, Symantec says.
Symantec recommends that Android users:
- Keep software up to date
- Only install apps from trusted sources - do not download apps from unfamiliar sites
- Scrutinise app permissions
- Use mobile security
- Back up important data regularly