Symantec Security Reponse has issued a warning against a new ransomware that is activated verbally, targeting Android phones.
The ransomware – a variant of Android.Lockdroid.E – listens to the user and waits for an unlock code to be spoken, instead of the traditional method of typing it in.
Once Android.Lockdroid.E infects a device it locks the user out using a SYSTEM type window and then displays a ransom note. The ransom note is written in Chinese and gives instructions on how to unlock the device. The note provides a QQ instant messaging ID to contact in order to receive further instructions on how to pay the ransom and receive an unlock code. Since the user’s device is locked, another device must be used to contact the cybercriminals behind the threat.
From the nature of the sample investigated by Symantec, China is the country where the ransomware is currently most prevalent.
For more information on how the malware works, please refer to the Symantec Security Response blog here.