LeakerLocker Ransomware: Following the WannaCry and Petya epidemics, a very different ransomware was launched through fake apps on the Google Play Store. Yes this time it is targeted to mobile Android users.
It's called LeakerLocker. The ransomware for Android does not encrypt the files of the victim's device, unlike traditional ransomware, but secretly collects personal images, messages and the record your browser.
Immediately afterwards, he threatens the victim by sending all personal data to his contacts stored on the mobile device if he does not pay 50 dollars.
Her researchers McAfee Security Company have detected ransomware LeakerLocker in at least two applications, Booster & Cleaner Pro and Wallpapers Blur HD, available in the Google Play Store. Both applications have thousands of downloads.
To prevent malware detection, applications are initially free of malicious code and function like any legitimate application.
Once installed by users, the applications download the malicious code from the command server and control, which instructs them to collect a huge amount of sensitive data from the victim's phone, after the victims granted it the necessary permissions during installation.
Then, LeakerLocker ransomware locks the home screen and displays a message containing details about the data it claims to have stolen. The device lock screen also contains instructions on how malicious software victims can pay ransoms to ensure that the information is deleted.
LeakerLocker Ransomware The message states:
All privacy from your smartphone have been transferred to our secure cloud.
In less than 72 hours, this data will be sent to every person in the contact list of your phone and e-mail. To cancel this action, you must pay a $ 50 ransom (£ 38).
Please note that there is no way to delete your data from the cloud. Turning off or destroying your smartphone will not affect your data in the cloud.
LeakerLocker Ransomware What Happens?
Although ransomware claims to have backed up all of your sensitive information, including personal photos, contact numbers, SMS, calls, GPS locations and browsing and mail history, researchers believe it only collects a limited number of data from his victims.
According to the researchers, LeakerLocker can read a victim's e-mail address, random contacts, Chrome history, some text messages and calls, take a photo from the camera, and read some information about the device.
All of the above information is randomly selected for an appearance on the device screen, which is sufficient to convince the victims that many data has been copied.
What can I do;
Both malicious applications have already been deleted by Google, but it's possible that scammers will try to pass their software onto other apps.
If you have one of the two applications installed, you should disable them.
If you have hit the ransomware and you are worried about the sexy photos that can leak to your friends and relatives, you may be thinking of paying the ransom.
But it's good to know that security researchers suggest you do not pay Ransom! This encourages criminals to carry out similar attacks and there is no guarantee that your stolen information will be deleted by the hackers and will not be used again to blackmail you.
