Leaker Locker Ransomware on Google Android App: Top 5 Facts
A mobile malware makes news for all the wrong reasons. This time, though, it operates through the well known search engine Google's PlayStore app! LeakerLocker is different from other ransomware, in that it simply locks the entire mobile device. The ransomware itself has hit the headlines even as Google has initiated damage control and removed the two apps associated with it. Let's delve deeper into the latest cyberthreat to hit smartphone users.
1. Apps Permitted to Cause HarmLeakerLocker does not leverage known weaknesses on the Android OS. Instead, it works on the premise that users who install these associated apps provide the necessary permissions to potentially cause harm. The malware accesses user data such as email addresses, text messages, call history, contacts and pictures.
2. A Ransomware That Leaks Embarrassing Photos to Family, Friends The next step of this ransomware is to threaten the user with revelation of private data to family and friends if a ransom is not paid. The threats made by the software are not verified by McAfee, which unearthed the mobile malware in the first place. Users are advised not to cough up the ransom.
3. Cryptocurrency is Out. Traditional Payments are In.This ransomware does not ask for cryptocurrency payments, unlike Petya which asked for a ransom in Bitcoins. Victims are asked to make a credit card payment of $50 instead. Developers of this ransomware understand that cryptocurrency does not offer anonymity and traditional payment methods work just as well.
4. The MessageAnyone who downloads one of now removed two apps - Wallpapers Blur HD and Booster & Cleaner Pro receives a message stating the data from their smartphone has been stolen and uploaded to a secure cloud server. In less than 72 hours, this data will be sent to telephone and email contacts if the user does not pay up $50 as ransom. The message threatens that there is no way to delete the data from the secure cloud but payment. Powering off or damaging the smartphone does not affect data in cloud. While the cybercriminals state no payment made means privacy is in danger, a silver lining is that McAfee does not think this is a threat the ransomware criminals can carry through, as there is no guarantee this information will be released.
5. The Not-So-Good News McAfee said that Google has been made aware of the malicious apps and has launched an investigation. Both apps have now been removed from the Google Play store. The two apps have been downloaded a total of 15,000 times but they have both been reported to Google who are currently investigating the matter. It isn't your usual Android malware threat, though; as McAfee notes in its research, instead of encrypting a user's files and making them inaccessible, LeakerLocker instead threatens to send the user's private data to friends from the contact list.
Malware gathers a user's photos, text messages, call history, Facebook messages, Google Chrome browser data, emails and GPS location history. It can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments. Unfortunately, Wallpapers Blur HD has been downloaded between 5,000 and 10,000 times and has a rating of 3.6/5 stars, and Booster & Cleaner Pro has between 1,000 and 5,000 downloads and a 4.5/5 star rating. Consequently, they have been downloaded by thousands of users already. Both apps also contained incentives for downloading third party apps, which further spread the malware.
Android app users need to be alert and watch out for this malicious ransomware. Above all, McAfee cautions that paying the ransom will only encourage the criminals. So, don't pay the money and instead, work to secure your smartphone from such mobile malware threats.
