A new malware has been discovered under the category of ransomware which has been targeting Android users. The new threat is referred to as LeakerLocker and is usually accidentally downloaded as a backup app from the Google Play Store. As soon as it is active it locks the victim’s home screen claiming that it is creating a backup of all the sensitive information. Once the backup is complete, the victim is threatened that all his/her photos, videos and any personal data will be sent to all the friends and family in the contacts list unless a certain amount of money is paid (ransom).
The initial pop-up message will read; “In less than 72 hours this data will be sent to every person from your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50,”
A follow-up threat message is displayed reading: “Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.”
According to the world leading online security company, McAfee, the apps that carry the LeakerLocker threat include Wallpapers Blur HD and Booster & Cleaner Pro.
“LeakerLocker locks the home screen and accesses private information in the background, thanks to its victims granting permissions at installation time,” McAfee stated.
“Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information.”
Statistics stated that Wallpapers Blur HD has been downloaded between 5000 and 10,000 times and has received an average rating of 3.6 out of 5. Booster and Cleaner Pro was reported to have been downloaded between 1000 and 5000 times. It received a average rating of 4.5 out of 5. According to Google, both apps carrying the LeakerLocker threat have been reported and there is an ongoing investigation regarding this issue. Both apps have been removed from the Google Play Store.
McAfee advised the victims infected with the LeakerLocker to refuse to pay the $50 ransom to the criminals.
“Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again,” McAfee said.
Sadly, in reality, some victims decide to make the payment out of sheer panic. The malware will display a message requesting the victim’s credit card number to process the payment of the ransom. If the payment goes through, a follow-up message will appear reading:
“Your personal data has been deleted from our servers and your privacy is secured.”
However, in the case that the payment does not go through the following message will appear:
“No payment has been made yet. Your privacy is in danger.”
Researchers have claimed that the threat is a little overrated as not all information that the malware claims to have accessed can be read or leaked. They stated that the information that can be read by LeakerLocker include the victim’s email address, random contacts, browsing history, some text messages and calls, a picture from the camera, and some device information. This was similar to what McAfee has stated as well which makes it more believable.
The online world has become very risky with new threats appearing every day such as the LeakerLocker, however, it is up to the users to either help in the further spread of these threats or completely remove the threat and prevent it from affecting more victims. It is also up to the users to avoid being victims by avoiding downloading suspicious applications from the Google Play Store.
