sb-nz logo
Story image

Listen up: Android.Lockdroid.E ransomware makes victims speak out loud

13 Mar 2017

Android users are being targeted in a new type of ransomware attack that uses speech recognition as the unlock code method.

Symantec Security Response uncovered the Android.Lockdroid.E variant last month, which uses speech recognition APIs as its only method of allowing users to enter unlock codes. Users much speak the code instead of typing it in.

The ransomware attacks Android devices by using a SYSTEM window that displays the ransom note, written in Chinese. The note provides a QQ instant messaging ID as the contact method for instructions, ransom payment and the unlock code, Symantec says.

Because the device is locked, users must use another device to contact the cybercriminals. However, the difference between Android.Lockdroid.E comes in the form of a button, which triggers the microphone and starts speech recognition. 

That recognition is able to detect spoken words and use heuristic methods to compare them with the expected unlock code. If it detects a match, the attackers then disables the lock screen. 

The ransomware, however, stores the encoded lock screen image and unlock code in one of its Assets files.

Symantec says this ransomware method is isn’t very effective as users must still use another device to contact the attackers, however it does show that the attackers are experimenting with different ransom techniques. 

According to Symantec, previous variants have used a 2D barcode ransom demand, which required the victim to scan the code with another device and then log into a messaging app, making it difficult for attackers to place ransom and for victims to pay it.

So far this ransomware has been most prevalent in China, Symantec says. 

Symantec recommends that Android users:

  • Keep software up to date
  • Only install apps from trusted sources - do not download apps from unfamiliar sites
  • Scrutinise app permissions
  • Use mobile security
  • Back up important data regularly
Story image
The current state of ransomware — and its future
Discoveries made by analysts at Sophos have unearthed a new development: ransomware code appears to have been shared across ‘families’, and some of the ransomware groups seemed to work in collaboration more than in competition with one another. More
Story image
UPDATED: RBNZ ascribes data breach to third-party file sharing service
“The nature and extent of information that has been potentially accessed is still being determined, but it may include some commercially and personally sensitive information,” says RBNZ Governor.More
Story image
IT professionals destroying end-of-life hardware over fears of data breaches - report
IT directors are destroying end of life tech hardware as opposed to erasing its data out of fear of making a mistake and facing data breaches.More
Story image
Cybersecurity strategies must involve every part of the organisation - study
In the past year, a third of the breaches incorporated social engineering techniques and the cost of a breach caused by a human error averaged to $3.33 million. More
Story image
Online gaming a 'hotbed' for DDoS attacks — report
The latency and availability issues present in online gaming, in particular, presented an attractive target to attackers, in addition to the enduring popularity of gaming in the era of COVID-19.More
Story image
As digital transformation grows in A/NZ companies, misconceptions about their role in cloud security abound
While an 81% majority of A/NZ organisations are accelerating their digital transformation, a giant 99% of surveyed respondents say they believe their cloud security provider provides enough protection, according to a Trend Micro study. More