LeakerLocker Android Malware Is Mobile Ransomware Without The Encryption

CyberCrimeMobile Appsmobile OSMobilitySecuritySecurity Management
android Fake ID flaw Bluebox

LeakerLocker goes for extortion over encryption

Android mobile ransomware that acts without encryption has been discovered by cyber security firm McAfee, noting the malware extorts payments out of its victims by threatening to spread private information. 

Dubbed LeakerLocker, the ransomware lurks behind two apps on Google’s Play Store; Wallpapers Blur HD and Booster & Cleaner Pro, both of which are supposedly well-rated apps that have been downloaded thousands of times. 

Google has been alerted to the threat by the McAfee Mobile Malware Research team and is currently investigating it. 

LeakerLocker ransomware 

LeakerLockerThrough exploiting the higher level of permissions a user allows the infected apps due to the services they offer such as boosting performance and managing apps, LeakerLocker starts its malicious activity as soon at the infected app is booted. 

“LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time. It does not use an exploit or low-level tricks but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments,” explained McAfee’s threat advisory. 

“Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information.” 

LeakerLocker codeFrom the infection point onward, LeakerLocker displays a random collection of information in JavaScript to convince the victims that it has access to their private data such as browsing history and contacts, and threatens to leak them unless a “modest ransom” to the sum of $50 (£38) is paid via credit card in under 72 hours. 

Once a payment is completed a message displays that the private information has been deleted from the cyber criminal’s servers. 

However, McAfee suggests victims make no such payments: “We advise users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again.”  

LeakerLocker may not be the most dangerous of ransomware but it certainly attempted to play on the paranoia people have developed around their personal information. 

It also highlights that mobile malware remains a major threat to the Android platform,  though Google is pushing to mitigate such threats with Android O

Are you a security pro? Try our quiz!

Read also :
Click to read the authors bio  Click to hide the authors bio