LeakerLocker Threatens to Share Your Personal Data with Your Contacts
Updated on July 13, 2021: From now on, traffic filtering, malware protection, and suspicious DNS activity blocking are available as a part of the separate DNS Firewall app.
Two applications have recently been banned from Google Play Market after they were discovered to contain a new ransomware called LeakerLocker. Unlike most ransomware, which threatens to encrypt or destroy your data unless you pay, this one uses a more cunning strategy. LeakerLocker wants the victim to pay “a modest ransom” of $50. Otherwise, it claims it will leak the user’s personal information, such as photos and messages, to all of the phone’s contacts.
The two affected applications are “Wallpapers Blur HD” (downloaded about 10,000 times) and “Booster & Cleaner Pro” (downloaded about 5,000 times). Both apps had reasonably high ratings, at 3.6 and 4.5. However, in their reviews users complained that the apps requested irrelevant permissions such as access to contacts, calls, sending and reading SMS, etc.
Expert evidence
Specialists have not finished analyzing LeakerLocker yet. So far it’s pretty obvious that it is ransomware, not a virus, as it requires permissions from users to function. Moreover, experts from the McAfee Mobile Research team, who discovered this malware in the first place, are not sure whether it can live up to its threats.
It seems that LeakerLocker only gets access to some limited private data, such as random contacts, the victim’s email address, browser history, some text messages, and some device information. Part of this data is then randomly shown on the victim’s phone screen to convince them that a lot of their information has been compromised.
So far the ransomware behaves like an ordinary screen locker and doesn’t encrypt files. McAfee also could not find any code responsible for transferring the data to a remote server. It looks like, at this point, the criminals simply hope that the victims will opt to pay the small ransom. However, experts warn that the attacker can easily modify the malware’s executable file to make it behave differently.
How to avoid getting infected
LeakerLocker is a type of ransomware called doxware, which mostly depends on users’ ignorance. This is why, first and foremost, you should always keep an eye on which permissions an application requests. The two compromised apps have been deleted from Google Play, but there is no guarantee a new one won’t appear tomorrow. Vigilance is your best defense!
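The permission check described above can be automated. The following is an added example, not part of the original article or McAfee's analysis: it reads the text output of `aapt dump permissions <apk>` and flags the contacts, call and SMS permissions when the app's category has no plausible need for them. The category table, the function names and the sample package are assumptions made for illustration.

```python
import re

# Permission groups the article's reviewers called irrelevant: contacts, calls, SMS.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.READ_SMS": "sms",
    "android.permission.SEND_SMS": "sms",
}

# Assumption: groups each app category plausibly needs (illustrative table).
EXPECTED_GROUPS = {"wallpaper": set(), "cleaner": set(), "messaging": {"contacts", "sms"}}

# Matches both the quoted (name='...') and the older bare aapt line formats.
PERM_RE = re.compile(r"^uses-permission:\s*(?:name=')?([\w.]+)")


def parse_permissions(aapt_output):
    """Return (package, permissions) parsed from `aapt dump permissions` text."""
    package, perms = None, set()
    for line in aapt_output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            package = line.split(":", 1)[1].strip()
        match = PERM_RE.match(line)
        if match:
            perms.add(match.group(1))
    return package, perms


def irrelevant_permissions(perms, category):
    """Sensitive permissions outside what the category is expected to need."""
    expected = EXPECTED_GROUPS.get(category, set())
    return sorted(p for p in perms if p in SENSITIVE and SENSITIVE[p] not in expected)


# Constructed sample input, not taken from either banned app.
SAMPLE = """package: com.example.wallpaper
uses-permission: name='android.permission.SET_WALLPAPER'
uses-permission: name='android.permission.READ_CONTACTS'
uses-permission: name='android.permission.READ_CALL_LOG'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.SEND_SMS'
"""

if __name__ == "__main__":
    package, perms = parse_permissions(SAMPLE)
    for perm in irrelevant_permissions(perms, "wallpaper"):
        print(f"{package}: unexpected {perm} ({SENSITIVE[perm]})")
```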
Another important thing to remember is that by no means should you pay the ransom. Not only is there a chance this will not unlock your phone, but doing so also encourages the proliferation of this business.