Dealing with Android ransomware: “tell me the unlock code”

It seemed that there was no virus that could surprise virus researchers anymore. Little did they know how wrong they had been. An updated version of Android.Lockdroid.E ransomware introduces a new feature: the malware instructs its victims to say the unlock code. The virus exploits a third-party voice recognition application to record the victims’ message. Since it is a file-encrypting malware, the racketeers instruct users to communicate with them and transfer the ransom. Consequently, they would receive an unlock code. Another interesting peculiarity is that this malware is written in Chinese. In the meantime, it mainly targets Chinese Android users. However, the thought that you are safe, even if you are not a Chinese speaker, might be too pernicious.

It is common knowledge that mobile devices are far more vulnerable to cyber attacks than PCs. Each year more and more users shift to using mobile devices rather than standalone computers. On the other hand, a significant percent of that community does not take care of extra security measures. Likewise, it gives inspiration for hackers to launch more destructive penetration campaigns. Android devices[1] are also criticized for their vulnerability to viruses[2]. At this point, gearheads have tried to break into devices by enwrapping Android virus in the disguise of a fake battery saving app[3]. Regarding the detected versions of Android ransomware, you might be astonished by its diverse shapes[4].

Hackers do not cease to astonish with more complex versions of Android ransomware.

The case of this latest version Android.Lockdroid.E certainly triggers curiosity. By employing SYSTEM type window, the ransomware blocks the device. The ransom message indicates further steps to unlock the device. Victims are supposed to contact the felons using a QQ instant messaging ID[5]. After transferring the ransom, the crooks would send a decrypting code. Here comes the interesting part: you have to speak the code. The analysis reveals that an API voice recognition program allows recording the message quite well by clearing inaccuracies. Dinesh Venkatesan notes that the password might be retrieved from the source code of the ransomware. Unfortunately, the malware generates a different code for each affected device. However, the virus contains obvious flaws, e.g., a victim has to use another device for completing the steps which burdens the entire decryption process. To sum up, Android.Lockroid.E serves as a reminder to keep your phone up-to-date and be vigilant while downloading and running a new app on your device.

About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions

References
Files
Software
Compare