Date:20/07/17
Dubbed LeakerLocker, the Android ransomware does not encrypt files on victim's device, unlike traditional ransomware, rather it secretly collects personal images, messages and browsing history and threatens to share it to their contacts if they don't pay $50.
Researchers at security firm McAfee spotted the LeakerLocker ransomware in at least two apps — Booster & Cleaner Pro and Wallpapers Blur HD — in the Google Play Store, both of which have thousands of downloads.
To evade detection of malicious functionality, the apps initially don’t contain any malicious payload and typical function like legitimate apps.
But once installed by users, the apps load malicious code from its command-and-control server, which instructs them to collect a vast number of sensitive data from the victim's phone — thanks to its victims granting unnecessary permissions blindly during installation.
The LeakerLocker ransomware then locks the home screen and displays a message that contains details of the data it claims to have stolen and holds instructions on how to pay the ransom to ensure the information is deleted.
The ransom message reads:
All personal data from your smartphone has been transferred to our secure cloud.
In less than 72 hours this data will be sent to every person on your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50.
Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won't affect your data in the cloud.
Although the ransomware claims that it has taken a backup of all of your sensitive information, including personal photos, contact numbers, SMS', calls and GPS locations and browsing and correspondence history, researchers believe only a limited amount of data on victims is collected.
According to researchers, LeakerLocker can read a victim's email address, random contacts, Chrome history, some text messages and calls, take a picture from the camera, and read some device information.
All the above information is randomly chosen to display on the device screen, which is enough to convince the victims that lots of data have been copied.
Both malicious apps have since been removed by Google from the Play Store, but it is likely that hackers will try to smuggle their software into other apps.
Taking the above into consideration, the Electronic Security Center under the Ministry of Transport, Communications and High Technologies has issued the following recommendations to protect Android users against the ransomware:
- If you have downloaded one of the 2 apps (Wallpapers Blur HD and Booster & Cleaner Pro), delete them immediately.
- Read reviews on apps written by users before downloading them from the Play Store.
- If the application improperly asks a permission to manage contacts, photos and calls on the phone delete it immediately.
- If your mobile phone is already infected with the ransomware and you are being asked to pay the money, don’t pay it.
Note that if you face this danger, you should call 1654 Hot Line of the Electronic Security Center or contact "team@cert.az".
Electronic Security Center warns about LeakerLocker ransomware
Some time ago, the "ICTnews" Electronic News Service issued warning about the spread of new strain of ransomware targeting Android mobile user via bogus apps on the Google Play Store.Dubbed LeakerLocker, the Android ransomware does not encrypt files on victim's device, unlike traditional ransomware, rather it secretly collects personal images, messages and browsing history and threatens to share it to their contacts if they don't pay $50.
Researchers at security firm McAfee spotted the LeakerLocker ransomware in at least two apps — Booster & Cleaner Pro and Wallpapers Blur HD — in the Google Play Store, both of which have thousands of downloads.
To evade detection of malicious functionality, the apps initially don’t contain any malicious payload and typical function like legitimate apps.
But once installed by users, the apps load malicious code from its command-and-control server, which instructs them to collect a vast number of sensitive data from the victim's phone — thanks to its victims granting unnecessary permissions blindly during installation.
The LeakerLocker ransomware then locks the home screen and displays a message that contains details of the data it claims to have stolen and holds instructions on how to pay the ransom to ensure the information is deleted.
The ransom message reads:
All personal data from your smartphone has been transferred to our secure cloud.
In less than 72 hours this data will be sent to every person on your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50.
Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won't affect your data in the cloud.
Although the ransomware claims that it has taken a backup of all of your sensitive information, including personal photos, contact numbers, SMS', calls and GPS locations and browsing and correspondence history, researchers believe only a limited amount of data on victims is collected.
According to researchers, LeakerLocker can read a victim's email address, random contacts, Chrome history, some text messages and calls, take a picture from the camera, and read some device information.
All the above information is randomly chosen to display on the device screen, which is enough to convince the victims that lots of data have been copied.
Both malicious apps have since been removed by Google from the Play Store, but it is likely that hackers will try to smuggle their software into other apps.
Taking the above into consideration, the Electronic Security Center under the Ministry of Transport, Communications and High Technologies has issued the following recommendations to protect Android users against the ransomware:
- If you have downloaded one of the 2 apps (Wallpapers Blur HD and Booster & Cleaner Pro), delete them immediately.
- Read reviews on apps written by users before downloading them from the Play Store.
- If the application improperly asks a permission to manage contacts, photos and calls on the phone delete it immediately.
- If your mobile phone is already infected with the ransomware and you are being asked to pay the money, don’t pay it.
Note that if you face this danger, you should call 1654 Hot Line of the Electronic Security Center or contact "team@cert.az".
Views: 428
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World