Privacy-exposing ransomware
What’s the threat?
A new strain of ransomware threatens to spread your private information to your contacts unless you pay “a modest ransom” of $50 within 72 hours. This is a different tactic to most ransomware, which encrypts your files.
Called Leakerlocker, it is Android malware found in two apps that had been installed thousands of times from the Google Play store. One, called Wallpapers Blur HD, contained wallpapers you can download on your phone and tablet, while the other, called Booster & Cleaner Pro, claimed to speed up your device. The former was last updated in April; the latter in June.
When it strikes, Leakerlocker shows the message: “All personal data from your smartphone has been trasfered (sic) to our secure cloud” (see screenshot). It claims this data includes photos, emails, texts and contact numbers. Security researchers from US company Mcafee, who discovered Leakerlocker, confirmed that it can access your data. But they added there’s no evidence it actually uploads this information to its server (read more at www.snipca.com/24930).
How can you stay safe?
Always check an app’s reviews, because some comments reveal the suspicious behaviour typical of malware. For example, one review for Wallpapers Blur HD complained about it asking for “irrelevent permissions”, such as access to the phone’s contacts list. Indeed, one of the surest signs that an app is up to no good is requesting permissions that it doesn’t need.
Google has removed both apps, eliminating the immediate danger. But we expect to see more examples of ransomware that threaten to release private information, a form of attack called ‘doxing’. Previously hackers targeted specific people, including journalists and members of the Ku Klux Klan, but Leakerlocker suggests they may be growing more indiscriminate.