New LeakerLocker Android ransomware found in the Google Play store threatens to send victims’ private information to their contacts
New Android ransomware found lurking in apps in the Google Play store threatens to send victims’ private information to contacts, rather than encrypting and locking files.
McAfee uncovered the LeakerLocker threat, which it found lurking in two apps in the Google Play store: ‘Wallpapers Blur HD’ and ‘Booster & Cleaner Pro.’ Both are well-rated and appear to have been downloaded thousands of times.
Instead of encrypting users’ files and making them inaccessible, LeakerLocker threatens to send users’ private data to friends from their contact list.
According to the lock screen message displayed by LeakerLocker, the malware gathers a user’s photos, text messages, call history, Facebook messages, Google Chrome browser data, emails and GPS location history.
« LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time.
« It does not use an exploit or low-level tricks, but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments, » explained McAfee’s threat advisory.
« Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information. »
The ransomware, or ‘Doxware’, asks for a $50 payment via a credit card transaction and demands that users pay within 72 hours.
« We advise users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks, » McAfee advises. « Also, there is no guarantee that the information will be released or used to blackmail victims again. »
Google has been alerted to the threat by McAfee and says is currently investigating it.
