Android ransomware requires victim to say unlock code

Friday, 24 February 2017, 9:58 am
Press Release: Symantec

Symantec Security Response – Android ransomware requires victim to say unlock code

Latest Android.Lockdroid.E variant uses speech recognition instead of typing for unlock code input.

Targets Chinese language Android users

Being a good listener is normally considered an admirable quality in a person; however, it isn’t a quality you necessarily want to find in a piece of malware. The latest variant of the Android ransomware threat Android.Lockdroid.E is a great listener. In fact, if you say the right things it might even give you back access to your phone. The threat uses speech recognition APIs and requires its victims to speak an unlock code instead of the traditional method of typing it in.

Once Android.Lockdroid.E infects a device it locks the user out using a SYSTEM type window and then displays a ransom note. The ransom note is written in Chinese and gives instructions on how to unlock the device. The note provides a QQ instant messaging ID to contact in order to receive further instructions on how to pay the ransom and receive an unlock code. Since the user’s device is locked, another device must be used to contact the cybercriminals behind the threat.

Figure 1. Lock screen with instructions

The note also instructs the victim to press a button, which starts the speech recognition functionality.

Advertisement - scroll to continue reading

The malware uses third-party speech recognition APIs and compares the spoken words heuristically with the expected passcode. If the input matches up, the malware removes the lockscreen.

The malware stores the lockscreen image and the relevant passcode in one of its Assets files in encoded form with additional padding. This latest technique of using speech recognition is rather inefficient as the victim must still use another device to contact the criminals.

It’s clear that the malware authors are continually experimenting with new methods to achieve their goal of extorting money from their victims. We can be certain this isn’t the last trick we’ll see from this threat family.

Mitigation

Symantec recommends users follow these best practices to stay protected from mobile threats:

• Keep your software up to date

• Refrain from downloading apps from unfamiliar sites and only install apps from trusted sources

• Pay close attention to the permissions requested by apps

• Install a suitable mobile security app to protect your device and data

Make frequent backups of important data

Protection

Symantec and Norton products detect the threat discussed in this blog as Android.Lockdroid.E.

Advertisement - scroll to continue reading

Did you know Scoop has an Ethical Paywall?

If you're using Scoop for work, your organisation needs to pay a small license fee with Scoop Pro. We think that's fair, because your organisation is benefiting from using our news resources. In return, we'll also give your team access to pro news tools and keep Scoop free for personal use, because public access to news is important!

Go to Scoop Pro Find out more

Find more from Symantec on InfoPages.

Business Headlines | Sci-Tech Headlines

BUSINESS, SCIENCE & TECH

Citizens of the Sea: Sailors To Revolutionise Our Understanding Of Pacific Biodiversity

The project will use DNA sequencing technology to identify thousands of species from a cup of water, with sailors collecting data to create 3D models of coral reefs and helping build a dataset of environmental variables using information on their instruments.

Netsafe: Making A Splash With Online Safety: Netsafe Launches New Flagship Programme For Kids

In response to growing concerns over New Zealand children's online safety in the fast-evolving digital landscape, Netsafe today unveiled its new, bi-lingual flagship programme Hector's World, to bridge the current gap in online safety education for vulnerable children aged 5-10 years, their teachers, parents and caregivers.

NZGBC: Flood Resilience PhD Student Widi Auliagisni Named Future Thinker Of The Year 2024

Widi Auliagisni has become the sixth young leader awarded the Future Thinker of the Year title. The annual award, run by the New Zealand Green Building Council (NZGBC), acknowledges a student or young professional who demonstrates environmental knowledge and leadership and recognizes their success and passion for greener, better buildings and communities.

Business Canterbury: European Free Trade Agreement A Game-changer For Canterbury

Business Canterbury (formerly the Canterbury Employers’ Chamber of Commerce) welcomes today’s commencement of the New Zealand-European Union Free Trade Agreement (FTA). The agreement, which has been highly anticipated by businesses, promises immediate tariff eliminations and new quota opportunities that will boost Canterbury's export revenue significantly over the next five years.

Business Canterbury: Urges Council To Cut Costs, Not Ambition For City

The Business Canterbury submission addresses concerns over a 'rates hump' and the need for the Council to maintain affordability while managing cost pressures.

Wellington Airport: On Track For Net Zero Emissions By 2028

This progress is a highlight of the airport’s annual Kaitiakitanga report released today, outlining efforts to support the environment, people and communities.

Join Scoop Pro

Submit News

Become a Member