Leaklocker Ransomware Threatens to Leak Private Data

Leaklocker Ransomware

Leaklocker is a new “Humiliating” Ransomware that threatens to leak private information from an infected smartphone to everyone in the device's phone and email contact lists. It is a screen-locker ransomware: it locks the screen but does not encrypt any data. The Leaklocker Ransomware targets Android smartphones.

The Malicious Apps

As of now, cyber security experts have discovered the Leaklocker Android malware in two apps – “Wallpapers Blur HD” and “Booster & Cleaner Pro”. Surprisingly, these apps were available on the Google Play Store and have been downloaded thousands of times.

These apps have quite good ratings, which raises suspicions that fake reviews are rampant in the Google Play Store. The two fraudulent apps are Trojans carrying a hidden malicious payload that seems to have bypassed the Play Store’s security vetting.

How the Trojan Ransomware Works

When the “Booster & Cleaner Pro” app is installed, it discreetly requests the permissions it needs for its malicious functions, in a way that does not raise suspicion. It gets installed if the device owner allows those permissions. When run, it initially demonstrates the features of a typical booster app with a junk cleaner, memory booster, apps manager and battery saver. Later, it completes installation of the malware and locks the smartphone’s screen. At that point it can possibly connect to a Command-and-Control Server and download other malware payloads. Notably, with the permissions already granted by the device user, it can download and run any type of malware.

The Leaklocker Ransomware claims that it has taken a backup of contacts, email addresses, photos, Chrome browser history, phone calls and text messages. In reality, however, the functionality of this ransomware seems to be limited. It has been found to be capable of reading some of the data, but it has not been able to exfiltrate it.

If the victim succumbs to the threat and pays the ransom by credit card, the Leaklocker Ransomware displays a message that it has deleted the stolen data and that the victim is safe. If the payment fails, it displays a warning that it has not yet received any payment and that the victim’s privacy is still in danger.

Cyber security experts advise against paying any ransom for any type of ransomware threat, as there is no guarantee that the cyber criminals will release the lock on the device, provide the decrypting password or return the stolen data.

Preventive Measures

There will always be malware threats to all types of operating systems. For the Android operating system the threat is greater, as thousands of new apps are submitted to Google every day. Though Google has implemented significant security measures, apps with malware somehow sneak into the Play Store. Google is constantly upgrading its vetting and scrutiny process. However, it is prudent for device owners to take appropriate security measures of their own. There are robust antimalware and antivirus programs, and there are mobile device management systems that can ensure the protection of the device from new and emerging Android malware threats such as the Leaklocker Ransomware.
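The following is an added example, not from the original article or from any analysis of the Leaklocker samples: a permission audit of the kind an MDM or app-vetting step could run over a decoded `AndroidManifest.xml` (for instance, one produced by apktool). The mapping from the ransom note's data categories to Android permissions, the threshold and both sample manifests are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK = "android.permission.INTERNET"

# Assumed mapping: data categories named in the ransom note -> the Android
# permission that gates read access to that data.
CATEGORY_PERMS = {
    "contacts": "android.permission.READ_CONTACTS",
    "email addresses": "android.permission.GET_ACCOUNTS",
    "photos": "android.permission.READ_EXTERNAL_STORAGE",
    "browser history": "com.android.browser.permission.READ_HISTORY_BOOKMARKS",
    "phone calls": "android.permission.READ_CALL_LOG",
    "text messages": "android.permission.READ_SMS",
}

def declared_permissions(manifest_xml):
    """Return the set of permission names in <uses-permission> elements."""
    root = ET.fromstring(manifest_xml)
    names = {el.get(ANDROID_NS + "name") for el in root.iter("uses-permission")}
    return names - {None}

def audit(manifest_xml, max_categories=1):
    """Flag an app that can read several private data categories and also
    has network access, which is what a leak threat would require."""
    perms = declared_permissions(manifest_xml)
    readable = sorted(c for c, p in CATEGORY_PERMS.items() if p in perms)
    can_upload = NETWORK in perms
    return {
        "package": ET.fromstring(manifest_xml).get("package"),
        "readable": readable,
        "can_upload": can_upload,
        "flag": can_upload and len(readable) > max_categories,
    }

# Constructed sample manifests (hypothetical package names).
SAMPLE_CLEANER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.cleaner">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
</manifest>"""
SAMPLE_WALLPAPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SAMPLE_CLEANER, SAMPLE_WALLPAPER):
        print(audit(sample))
```

A flag here means only that the declared permissions exceed what a cleaner or wallpaper app plausibly needs; it is a prompt for manual review, not a malware verdict.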

Julia Sowells

Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm in her role as security consultant while continuing to write for Hacker Combat in her limited spare time.
