Video | Business Headlines | Internet | Science | Scientific Ethics | Technology | Search


Android ransomware requires victim to say unlock code

Symantec Security Response – Android ransomware requires victim to say unlock code

Latest Android.Lockdroid.E variant uses speech recognition instead of typing for unlock code input.


Targets Chinese language Android users

Being a good listener is normally considered an admirable quality in a person; however, it isn’t a quality you necessarily want to find in a piece of malware. The latest variant of the Android ransomware threat Android.Lockdroid.E is a great listener. In fact, if you say the right things it might even give you back access to your phone. The threat uses speech recognition APIs and requires its victims to speak an unlock code instead of the traditional method of typing it in.

Once Android.Lockdroid.E infects a device it locks the user out using a SYSTEM type window and then displays a ransom note. The ransom note is written in Chinese and gives instructions on how to unlock the device. The note provides a QQ instant messaging ID to contact in order to receive further instructions on how to pay the ransom and receive an unlock code. Since the user’s device is locked, another device must be used to contact the cybercriminals behind the threat.

Figure 1. Lock screen with instructions

The note also instructs the victim to press a button, which starts the speech recognition functionality.

The malware uses third-party speech recognition APIs and compares the spoken words heuristically with the expected passcode. If the input matches up, the malware removes the lockscreen.

The malware stores the lockscreen image and the relevant passcode in one of its Assets files in encoded form with additional padding. This latest technique of using speech recognition is rather inefficient as the victim must still use another device to contact the criminals.

It’s clear that the malware authors are continually experimenting with new methods to achieve their goal of extorting money from their victims. We can be certain this isn’t the last trick we’ll see from this threat family.


Symantec recommends users follow these best practices to stay protected from mobile threats:

• Keep your software up to date

• Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources

• Pay close attention to the permissions requested by apps

• Install a suitable mobile security app to protect your device and data

Make frequent backups of important data



Symantec and Norton products detect the threat discussed in this blog as Android.Lockdroid.E.

© Scoop Media

Business Headlines | Sci-Tech Headlines


Robertson Speech: Budget Sees Wider Debt Target

"New Zealand is well positioned to face this instability and uncertainty, but we are not immune from its impacts. Growth rates are set to be lower than we have seen in recent years..." More>>


Commerce Commission: Spark Warned Of Broadband Price Rise

The warning follows an investigation into representations Spark made on its website and in emails in August and September 2018, notifying in-contract customers receiving its copper-based broadband service of its decision to increase the price by $5 a month. More>>

Law Commission: Resist Rushing To New “Deepfake” Law

Artificial intelligence techniques can create massive volumes of fake audio, images and video that is incredibly convincing and near-impossible to detect... While it is tempting to respond with new law, the study finds that the long list of current legislation covering the issues may be sufficient. More>>


'Contrary To US Interests': US Lockout Sees Android Ditch Huawei

Effective May 16, 2019, the Bureau of Industry and Security (BIS) amended the Export Administration Regulations (EAR) by adding Huawei Technologies Co., Ltd. (Huawei) to the Entity List. More>>