LeakerLocker ransomware blackmails unwitting mobile app store users

News by Max Metzger

A new kind of mobile ransomware has been found lurking on the Google Play Store.

A new strain of ransomware might call for an entirely new moniker for the extortion virus: Blackmailware. Leakerlocker has been spotted by McAfee locking up  Android phones and, far from charging its victims for renewed access, threatens to send their information to their contacts if they don't pay $50 (£38).

Lee Munson, security researcher at Comparitech.com, told SC Media UK via email,  ”LeakerLocker's business model is a potentially far more lucrative one, ensnaring a massive potential pool of Android users who need to hand over a mere $50 to avoid being doxed.”

One the ransomware infects the phone, it shows its unwitting victim a short message saying, “All personal data has been transferred to our secure cloud,” including personal photos, contact numbers, SMS', calls and GPS locations as well as browsing and correspondence history.

The message continues, “in less than 72 hours this data will be sent to every person from your telephone and email contacts list. To abort this action you have to pay a modest RANSOM of $50.”

It concludes with assuring victims that there is no way to delete the data without paying for it: “Powering off or even damaging your smartphone won't affect your data in the cloud.”

However, Munson added, LeakerLocker “may not be telling the whole truth about how much user data it has filed away on the author's server – only a limited amount of information is actually swiped.”

"Thus, victims should think very carefully about paying up. While early indications suggest that paying the ransomware may lead to any snatched data being deleted, to do so is to encourage malware authors to continue creating ransomware such as this.”

McAfee discovered the new brand of ransomware lurking on two apps on the Google Play Store, “Booster & Cleaner Pro” and “Wallpapers Blur HD”, which have been downloaded as many as 15,000 times. Curiously, the Play Store's customer review systems does not seem to have caught up to the fraud as the apps were rated relatively highly at the time of discovery.

While Google keeps the Play Store safe most of the time, there are always a few rogue apps which slip through. Most recently Google removed a number of apps which spread “Judy” ad fraud malware which, as a group, had been downloaded anywhere between 8.5 and 36.5 million times.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews