Security researchers have uncovered a new form of ransomware that does not encrypt files to extort payments from victims.
Instead, this rogue mobile ransomware – spotted by researchers on Google Play – works by blackmailing victims with the threat of spreading their private information, including personal photos, contact details, messages, Facebook messages, browsing history, emails and more, to every person on the victim’s phone and email contact list.
The threat reads:
In less than 72 hours this data will be sent to every person from your telephone and email contacts list. To abort this action you have to pay a modest RANSOM of $50.
Upon discovery, security researchers at McAfee’s Mobile Malware Research arm labeled the ransomware as ‘Android/Ransom.LeakerLocker.A!Pkg.’, dubbing it the LeakerLocker malware.
Two particular Google Play applications have been – so far – discovered to spread the ransomware. ‘Wallpapers Blur HD’, an app that has been downloaded between 5,000 and 10,000 times is one. The second, ‘Booster & Cleaner Pro’ has been downloaded between 1,000 and 5,000 times but has a much higher rating at 4.5 compared to Wallpapers Blur’s 3.6, giving it further false credibility among unsuspecting users.
Researchers further revealed:
LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time. It does not use an exploit or low-level tricks but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments.
Digging further, researchers discovered that the malware does not read or leak all the private data it claims to have access to. However, the ransomware is able to access the victim’s email address, Chrome history, random messages and calls, a picture from teh camera roll and other device information.
In the event of a successful payment (extortion), a screen message reads “our [sic] personal data has been deleted from our servers and your privacy is secured.”
Both apps have been reported to Google and can no longer be found on the Android platform’s Play Store.
Image credit: Pixabay.