It has been announced by Symantec last February 22, 2017 that they had a security response which is all about a new Android ransomware variant which uses speech recognition APIs and forces victims to vocalize an unlock code rather than typing it in.
Dubbed as Android.Lockdroid.E, which definitely fits the name, locks an infected device and then displays a ransom note in Chinese that gives instructions to contact the cyber criminals directly for further instructions on how to pay the ransom and unlock the phone.
So what does this mean? Basically, the victims are directed to press a button to initiate the speech recognition functionality and the malware-using third-party APIs to compare the spoken words to the expected code.
Interesting enough, this new technique using speech recognition is inefficient due to the obvious fact that the victim needs another device to contact the criminals.
“While analyzing these latest Android.Lockdroid.E variants, I observed several implementation bugs such as improper speech recognition intent firing and copy/paste errors.
This is a very clear indicator that the malware authors have not yet fine tuned it and is constantly experimenting with new methods to achieve their goal. As a matter of fact extorting money from their victims is their main goal and newer tricks and techniques will be developed from this malware.
In comparison to Apple’s iOS, Android devices are not as secure. A report released in November revealed that some Android devices could get infiltrated with software that tracks a user’s behavior through their mobile device, including phone calls and text messages, and sends the data to China.
Security firm Kryptowire discovered the ransomware and have expressed their concerns that this new threat might be a serious security risk. The reason being is that, a report claimed that China-based Shanghai Adups Technology developed the software, which is installed on an unknown amount of Android-based devices. The information stolen, which includes contact lists, call logs and other sensitive personal information, is sent automatically to Adups every 72 hours, noted the report, citing Kryptowire. The report also stated the software could be used to remotely install additional software on the infected devices without the owner even knowing it. In the report, Kryptowire said Adups’ software is running on 700 million devices around the world, with most of its clients being small Chinese device markers.
