Talking Android Ransomware Plagues Chinese Users

A new variation of Android lockscreen malware is doing the rounds in China, locking users out of their smartphones and delivering a ransomware message via a female voice.

‘Android/LockScreen.Jisut,’ a member of the well-known Jisut ransomware family, is able to reset the PIN code on Android devices and sets the user a price tag of 40 Yuan (roughly $6 or £4.80) in order to regain access.

“This talking Android ransomware spreads via a malicious dropper used to decrypt and run the payload,” writes ESET. “The infection process is activated after the user manually opens the malicious app and taps the ‘Click for free activation’ button.

“Subsequently, the victim is asked to grant admin rights to the malware, making it difficult to remove or uninstall the app. On top of that, the device is locked down and the ransom voice message played.”

But that’s not all. The malware has other malicious intentions, namely attempting to steal user credentials for the Chinese social network QQ.

It tries to trick users by displaying a fake login screen almost identical to that shown by the legitimate service. Any username or password entered is sent directly to the attackers, followed by a ransom demand and information on how to carry out the payment.

If the user manages to close the app, the malware changes the device’s PIN code to one unknown to the victim, locking them out of their phone or tablet.

To get rid of Android/LockScreen.Jisut, ESET recommends manually revoking the admin rights so that the app can be uninstalled, carrying out a factory reset to return the device to its original state, or using Android Debug Bridge to communicate with the device via the command line.
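Before revoking admin rights, it helps to know which app actually holds them. The script below is an added example, not from ESET or the original article: it parses the text produced by `adb shell dumpsys device_policy` and lists device administrator packages that are not on an allowlist. The dump is constructed, the package name `com.example.freeactivation` is a placeholder, and the dump layout is an assumption that varies between Android versions.

```shell
#!/bin/sh
# Constructed sample of `adb shell dumpsys device_policy` output (not from a real device).
sample_dump() {
    cat <<'EOF'
Current Device Policy Manager state:
  Enabled Device Admins (User 0, provisioningState: 0):
    com.google.android.gms/.mdm.receivers.MdmDeviceAdminReceiver:
      uid=10012
      policies:
        wipe-data
    com.example.freeactivation/.AdminReceiver:
      uid=10187
      policies:
        reset-password
        force-lock
EOF
}

# Read a device_policy dump on stdin; print the package of each enabled admin component.
list_device_admins() {
    tr -d '\r' | awk '
        /Enabled Device Admins/ { in_admins = 1; next }
        in_admins && /^[ \t]*[A-Za-z0-9_.]+\/[A-Za-z0-9_.$]+:[ \t]*$/ {
            line = $0
            gsub(/^[ \t]+|:[ \t]*$/, "", line)   # trim indent and trailing colon
            split(line, parts, "/")                # package/receiver
            print parts[1]
        }'
}

# Print admin packages that are not in the allowlist given as arguments.
unexpected_admins() {
    list_device_admins | sort -u | while read -r pkg; do
        known=no
        for allowed in "$@"; do
            [ "$pkg" = "$allowed" ] && known=yes
        done
        [ "$known" = yes ] || printf '%s\n' "$pkg"
    done
}

# Demo on the constructed dump; on a real device pipe in: adb shell dumpsys device_policy
sample_dump | unexpected_admins com.google.android.gms
```

Once the admin rights of a flagged package have been revoked in the device settings, `adb uninstall <package>` removes the app.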

Security warnings for Android devices have been coming thick and fast over the last couple of months, despite Google’s constant attempts to patch flaws before they can be exploited.

So far this year we’ve seen warnings of fake Super Mario Run apps that target financial data, the return of advertising malware HummingBad with boosted capabilities that make it harder to detect, and a form of ransomware that disguises itself as a Pornhub app.

Sam Pudwell

Sam Pudwell joined Silicon UK as a reporter in December 2016. As well as being the resident Cloud aficionado, he covers areas such as cyber security, government IT and sports technology, with the aim of going to as many events as possible.
