Android users are being warned about a new form of ransomware that tries to extort victims by threatening to leak private information unless the ransom is paid.
Dubbed LeakerLocker, the ransomware demands a $50 payment from victims to prevent the leak of private and potentially sensitive data such as photos, browser histories, text messages, Facebook chats, emails and GPS location data to everyone in the phone’s contact list.
The malware, which was discovered by researchers from security firm McAfee, is a change from typical Android ransomware, which normally encrypts sensitive files until a ransom is paid.
However, this new type of scam, which is known as Doxware, claims to upload all of the files from the infected phone to a secure cloud server controlled by the hackers.
A message displayed on infected devices reads:
“In less than 72 hours this data will be sent to every person from your telephone and email contacts list”.
“To abort this action you have to pay a modest ransom of $50. Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.”
McAfee says that it found two apps in the Google Play Store which were carrying the ransomware.
The apps are called “Wallpapers Blur HD” and “Booster & Cleaner Pro” and had been downloaded between 5,000 and 10,000 times and between 1,000 and 5,000 times, respectively.
Researchers Fernando Ruiz and ZePeng Chen from McAfee said that Booster & Cleaner Pro was only able to work if the user granted it a long list of permissions prior to it being installed.
The app, which claims to speed up a device, appears to be legitimate, but soon after installation it displays the ransom note on the home screen.
The researchers also said that they were unable to ascertain whether the private data was actually uploaded to a server belonging to the hackers.
But they did say that LeakerLocker has the ability to “avoid detection in certain environments” and can be controlled remotely.
They also said they were able to confirm the payment channel had been set up, but it is not known how much money the hackers have made from the scam.
If your device is infected with ransomware, the advice from McAfee is to not pay the ransom.
“We advise users of infected devices to not pay the ransom. Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released.”
McAfee also said that Google is aware of the issue and is investigating.
The news comes after it was revealed Google is working on a panic mode designed to protect Android users from malware.
H/T: The Inquirer