In the latest version, found by Symantec, the hackers display a username for an instant messaging app called “QQ.” The idea is that the infected user contacts an agent of the hacker on the chat software, negotiates a payment, and, once the payment has been received and verified, the victim is given a four-digit code.
Rather than typing the code in, however, you have to speak it into your phone to get your files back.
We have seen TTS (Text To Speech) used occasionally that causes the infected computer to “read” the ransom demands from a text file, but this is the first time we’ve ever seen voice activation used to unlock files.
At present, this strain appears limited to the Chinese market, but there’s nothing that would stop the hackers from shifting to a different target.
Perhaps the most disturbing aspect of this is the pace of development. An analysis of the code reveals a great deal of churn, making it clear that there’s a concerted and ongoing effort to enhance and improve the code. This is all in an ongoing effort to make it a more efficient, effective vehicle for extracting money from infected users.
As ever, the best way to avoid infection is to ensure that any apps you install come from the Google Play Store. Third party vendors simply don’t have the same level of security, which increases your risk.