The season of Ransomware continues, after the pan global impact of Wanna Cry and Petya, here comes Leaker Locker. We all know a typical Ransomware locks your file on the system and ask a ransom to decrypt. But Leaker Locker, operates in a different way, it gains access to the user’s mobile history and threatens to share it with family and friends on the device’s contact list if they do not pay a ransom of $ 50. The only good news, it is now impacting only the Andorid users.
According a to a blog post in McAfee titled Leaker Locker: Mobile Ransomware Acts Without Encryption, Fernando Ruiz and ZePeng Chen said, “ We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim’s private information. LeakerLocker claims to have made an unauthorized backup of a phone’s sensitive information that could be leaked to a user’s contacts unless it receives “a modest ransom.” McAfee further states that the Mobile Malware Research team has identified this ransomware as Android/Ransom.LeakerLocker.A!Pkg. We reported it to Google, which says it is investigating.
Two applications on Google Play carry this threat. “Wallpapers Blur HD” has been downloaded between 5,000 and 10,000 times. It was last updated on April 7. From reviews, we can see that one user complains why a wallpaper app requests irrelevant permissions such as calls, reading and sending SMS, access to contacts, etc.
The second malicious app is “Booster & Cleaner Pro,” last updated on June 28. It has been downloaded between 1,000 and 5,000 times. Its rating is 4.5, much higher than Wallpaper’s 3.6. This rating, however, is not a safety indicator because fake reviews are very common in fraudulent apps, according to information available from McAfee.
McAfee advices users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again.