Android ransomware listens for unlock code
Android ransomware listens for unlock code

Symantec researchers spotted Android ransomware that will may listen to your bursts of anger and frustration once infected, but then requires you to speak the code to unlock your files.

Researchers said the latest version of Android.Lockdroid.E is equipped with third party APIs speech recognition to listen to the woes of its victims after locking a user out using a SYSTEM type window and then displaying a ransom note written in Chinese, Symantec Principal Threat Analysis Engineer Dinesh Venkatesan said in a Feb. 22 blog post.

The note also provides a QQ instant messaging ID to use in order to receive further instructions on how to pay the ransom and receive the unlock code, the blog said.

While it's unclear what benefit the threat actors gain from the speech requirements to unlock their device, Venkatesan told SC Media “there is a hypothetical advantage for the cases of disinfection utilities, but determining the unlock code and automatic keying in would be easier than having a voice synthesized to unlock the device.”

He went on to say that the ransomware doesn't actually encrypt any files and that its safe to assume the majority of victims targeted are in China.

“In general, this family of ransomware is spread by hosting them in arbitrary sites and social engineering the victims by playing with their curiosity to make them download and install,” Venkatesan said. “In a few cases, search toolbars were used to take the victims to these pages.”