After the WannaCry and Petya ransomware outbreaks, a new and creative strain of ransomware is spreading through certain applications on the Google Play Store, this time aimed at Android users.
Nicknamed LeakerLocker, this Android ransomware does not encrypt files on the victim’s device, unlike traditional ransomware. Instead, it secretly collects personal pictures, messages and browsing history and threatens to share them with the victim’s contacts unless a $50 (£38) ransom is paid.
Researchers at security firm McAfee have identified LeakerLocker ransomware in at least two applications in the Google Play Store, Booster and Pro Cleaner, and HD Blur Funds, which have thousands of downloads.
To avoid detection, the applications initially contain no malicious payload and function like typical legitimate applications.
But once installed, the applications load malicious code from their command-and-control server, which instructs them to collect a large amount of confidential data from the victim’s phone. This is possible because victims grant the applications unnecessary permissions during installation.
The LeakerLocker ransomware then locks the home screen and displays a message that details the data it claims to have stolen and gives instructions on how to pay the ransom to ensure that the information is deleted.
The ransom message reads:
All personal information from your smartphone has been transferred to our secure cloud.
In less than 72 hours this data will be sent to all persons on your phone list and email contacts. To stop this action you have to pay a modest $50 bailout (£38).
Keep in mind that there is no way to erase your data from our insurance, but paying them. Turning off or even damaging your smartphone will not affect your data in the cloud.
Although LeakerLocker claims to have backed up all sensitive information, including personal photos, contact numbers, SMS, calls, GPS locations, and browsing and correspondence history, researchers believe that only a limited amount of the victims’ data is actually harvested.
According to the researchers, LeakerLocker can read the victim’s email address, random contacts, Chrome history, some text messages and calls, take a picture with the camera, and read some information about the device.
Items from this information are randomly selected and displayed on the device screen, enough to convince victims that a large amount of data has been copied.
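Because the malicious code arrives only after installation, the permissions an app requests are the main signal available beforehand. The following Python script is an added example (not code from McAfee or from the applications described): it audits a decoded, plain-text AndroidManifest.xml for the permissions that gate the data types listed above. The sample manifest, the package name and the threshold of three data categories are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
INTERNET = "android.permission.INTERNET"

# Android permission names mapped to the data types the article lists.
SENSITIVE = {
    "android.permission.GET_ACCOUNTS": "email address / accounts",
    "android.permission.READ_CONTACTS": "contacts",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALL_LOG": "call log",
    "android.permission.CAMERA": "camera",
    "android.permission.READ_PHONE_STATE": "device information",
}

# Constructed manifest for a hypothetical "cleaner" app (not a real sample).
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE"/>
  <application android:label="Example Cleaner"/>
</manifest>
""".strip()

def requested_permissions(root):
    """Collect android:name from every permission request element."""
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = {el.get(ANDROID_NS + "name") for el in root.iter() if el.tag in tags}
    return names - {None}

def audit(manifest_xml, threshold=3):
    """Flag an app that can reach several private data types and the network."""
    root = ET.fromstring(manifest_xml)
    perms = requested_permissions(root)
    exposed = sorted(SENSITIVE[p] for p in perms if p in SENSITIVE)
    return {
        "package": root.get("package"),
        "exposed": exposed,
        # Network access plus broad data access is what makes exfiltration possible.
        "flag": INTERNET in perms and len(exposed) >= threshold,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

A flagged result is a prompt to ask whether a cleaner or wallpaper app has any reason to request that access, not proof that the app is malicious.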
Both malicious applications have been removed from the Google Play Store, but it is likely that the hackers will try to smuggle their software into other applications.
If you have installed either of the applications, uninstall it now.
But if you are hit by LeakerLocker ransomware and are worried about your photographs and personal data being leaked to friends and family, you may be considering paying the ransom.
Do not pay the ransom! Doing so motivates cybercriminals to carry out such attacks, and there is no guarantee that the stolen information will be erased from the hackers’ servers or that it will not be used to blackmail the victims again.