Found in two PlayStore apps, LeakerLocker locks the screen of affected devices and demands a $50 ransom payment
Android once again ends up in the crosshairs of hackers. After SpyDealer, a very aggressive malware capable of infiltrating some of the most popular applications, McAfee researchers have discovered a new virus that threatens to send victims' history to all contacts.
Titled LeakerLocker, it is a type of ransomware, the infamous malware that encrypts users' data and asks for a ransom payment in return, peculiar. The virus, in fact, does not encrypt the affected devices, but simply blackmails users to spread their confidential information. LeakerLocker, once penetrated into Android devices, tells victims that it has made a copy of their data. According to the message on the infected phones, the victims have 72 hours to pay the hacker's fee and save their privacy.
The malware hides in the Google Play Store
The personal data that LeakerLocker claims to have access to includes history, images, phone numbers, sent and received SMS messages, Facebook messages, emails and even incoming and outgoing calls. One of the most worrying aspects is that the malware managed to pass the strict controls of the Google Play Store. In fact, LeakerLocker was found in two apps on the official Android market: Wallpapers Blur HD, a software that was supposed to offer high resolution wallpapers, and Booster & Cleaner Pro, an app that was supposed to improve smartphone performance. The two apps have been downloaded by thousands of users.
How LeakerLocker attacks
The ransomware, upon installation, asks, like a normal application, for permission to access a lot of personal data. Once the victim has downloaded one of the malicious apps, LeakerLocker locks the screen, making the threat appear on the display.
From the code analysis, it has been proven that the malware is indeed capable of reading users' data. Not all of it though. LeakerLocker, in fact, according to McAfee researchers, can access history, emails, contacts, some messages and capture images from the front-facing camera. Part of this information can be sent to the victims as evidence and copied to the hackers' server.
For now, there is no information whether the blackmail staged by the hackers is actually true, that is, whether after the deadline has passed, the cyber criminals maintain the threat and spread the data to the contacts.
McAfee experts strongly advise against paying the $50 ransom demanded. For the usual two reasons: you wouldn't be sure that the hackers are of their word, and above all, you would be feeding a criminal activity.