If you’ve had enough with all the ransomware galore in the last two months, then I have some bad news for you. McAfee has discovered a new ransomware in the wild called LeakerLocker that targets Android Smartphones. With this ransomware, bad actors have found a new creative way to motivate individuals to pay the desired ransom. LeakerLocker does not encrypt your smartphone. Instead, it locks it out, steals user data and threatens to leak the stolen content to your contacts.
The spread of the malware was first discovered by McAfee in two apps in called Wallpapers Blur HD and Booster & Cleaner Pro in Google Play. The apps have been downloaded over 1000 times with Wallpaper Blur HD having as much as 10000 downloads. During the installation process, red flags can be noticed from the get go due to the apps requesting certain permissions like access contacts, SMS, and camera, which are not relevant to the purpose of the apps.
After rebooting the device, the malicious apps send a request to a command & control server to initialize LeakerLocker’s payload. The malware locks the screen and begins to gather user information that includes SMS messages, calls, photos, contacts, browsing history, and device information. The apps can also remotely load Dalvik Executable file(.dex) from the C2C giving the malware specific instructions or furthering its capabilities. The malware then proceeds to display a ransom note stating all the relevant information extorted and a 72-hour window to make a payment of 50 dollars to unlock and delete the files from their servers.
As always, we do not suggest the payment of any ransom because this only propagates bad behavior. McAfee has already notified Google about the malicious apps meaning they will be taken down promptly. When downloading apps, users have to be wary of the type of permissions granted to said apps. For example, if you are downloading a gaming app like Candy Crush III Electric Boogaloo Edition, there is no reason why that app should have access to your phone, camera, or emails.