This Crazy Android Ransomware Demands Victims Speak Code to Unlock Phone

Attackers of an older Android ransomware are adding some new capabilities to it by playing around with the source code a little bit. Android.Lockdroid.E is the malware which has been around for about a year, is it is now asking its victims to speak the code provided by its authors to unlock the attacked devices.

The folks over at the Symantec warn the Android users that a latest Android ransomware variant comes with speech recognition capabilities and it is now demanding the poor victims to speak the code they have received.

Researchers explain that once a device is infected with this Android.Lockdroid.E, the user not allowed to access to his device and he is locked out using a SYSTEM type window before displaying the ransom note. The note is written in Chinese and ti gives instructions on how user can unlock the device.The note also includes a QQ instant messaging ID for contacting if needed more information about how to pay the ransom and get the device unlocked by receiving the code.

The user needs access to a new device to contact the attackers since his old one is hacked by them. Then, note instructs the users to press a button which starts the speech recognition functionality The malware then makes use of a third-party speech recognition API to compare the user spoken words with the expected password.

“The malware stores the lock screen image and the relevant passcode in one of its Assets files in encoded form with additional padding. I was able to extract the passcode using an automated script. Figure 2 shows a couple of examples of the types of passcodes the threat uses. It should be noted that the threat will use a different passcode for each infection,” reads Symantec’s blog post.

This isn’t the first time that attackers experimented with this particular ransomware. In the past, another variant used an inefficient 2D barcode ransom demand, which had to be scanned with another device in order to log into a messaging app to receive information about how to pay the ransom.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients