A new variant of Android.Lockdroid.E has speech recognition

Feb 23, 2017 11:29 GMT

An older Android ransomware family is gaining new capabilities as attackers appear to be experimenting with its code. Android.Lockdroid.E, which has been around for about a year, now asks victims to speak the code provided by the attackers in order to unlock their devices.

Researchers at Symantec warn Android users that a newly discovered variant of the ransomware comes with speech recognition capabilities and requires victims to speak the unlock code they received.

The researchers explain that once a device is infected with Android.Lockdroid.E, the user is locked out by a SYSTEM type window before the ransom note is displayed. Written in Chinese, the note gives instructions on how to unlock the device. It includes a QQ instant messaging ID that the victim must contact to receive further instructions on paying the ransom and obtaining the unlock code.

The instruction page

Another device must be used to contact the attackers, since the victim's own is locked. The note then instructs the user to press a button to start the speech recognition functionality. The malware uses a third-party speech recognition API to compare the spoken words with the expected passcode.

"The malware stores the lockscreen image and the relevant passcode in one of its Assets files in encoded form with additional padding. I was able to extract the passcode using an automated script. Figure 2 shows a couple of examples of the types of passcodes the threat uses. It should be noted that the threat will use a different passcode for each infection," reads Symantec's blog post.

Touch to speak

Previous method involved barcodes

This isn't the first time that attackers have experimented with this particular ransomware. In the past, another variant used an inefficient 2D barcode ransom demand, which had to be scanned with another device in order to log into a messaging app and receive information about how to pay the ransom.

Since this new variant also comes with several bugs that make it difficult to properly recognize the spoken words, both methods seem to be rather inefficient. This is certainly not going to be the last we see of these attackers trying out new ways to perfect their extortion method.
