Symantec issued a security response on Wednesday (Feb. 22) concerning a new variant of Android ransomware that uses speech recognition APIs and forces victims to vocalize an unlock code rather than typing it in.
The malware threat, known as Android.Lockdroid.E, locks an infected device and then displays a ransom note in Chinese that gives instructions to contact the cybercriminals directly for further instructions on how to pay the ransom and unlock the phone. Victims are directed to press a button to initiate the speech recognition functionality and the malware-using third-party APIs to compare the spoken words to the expected code.
“This latest technique of using speech recognition is also rather inefficient as the victim must still use another device to contact the criminals,” Dinesh Venkatesan said in the Symantec blog post.
“While analyzing these latest Android.Lockdroid.E variants, I observed several implementation bugs such as improper speech recognition intent firing and copy/paste errors. It’s clear that the malware authors are continually experimenting with new methods to achieve their goal of extorting money from their victims. We can be certain this isn’t the last trick we’ll see from this threat family,” Venkatesan continued.
It’s long been known that Android devices aren’t as secure as Apple’s iOS, but a report released in November revealed that some Android devices could get infiltrated with software that tracks a user’s behavior through their mobile device, including phone calls and text messages, and sends the data to China.
According to the report, the infections were discovered by security firm Kryptowire, which said it could be a potentially serious security risk. The report claimed that China-based Shanghai Adups Technology developed the software, which is installed on an unknown amount of Android-based devices. The information stolen, which includes contact lists, call logs and other sensitive personal information, is sent automatically to Adups every 72 hours, noted the report, citing Kryptowire. The report also stated the software could be used to remotely install additional software on the infected devices without the owner even knowing it. In the report, Kryptowire said Adups’ software is running on 700 million devices around the world, with most of its clients being small Chinese device markers.