Google has removed two apps that contained a new strain of ransomware named LeakerLocker.
Discovered by security researchers from McAfee's mobile division, the ransomware didn't encrypt users' files, but only locked their device and threatened to send the user's private data to friends from his contact list.
This type of ransomware, also referred to as doxware, has been seen in the past, but most of those earlier threats turned out to be empty.
LeakerLocker distributed via Google Play Store
This new breed of ransomware was discovered last week inside two apps named "Wallpapers Blur HD" (wallpaper changer) and "Booster & Cleaner Pro" (app to boost a phone's memory).
Google has removed both apps, but before this, the first app managed to gather between 5,000 and 10,000 downloads, while the second was downloaded between 1,000 and 5,000 times.
Based on user comments, both apps appear to have been part of a rewards program that gave users small amounts of money to install an app on their device. This type of distribution scheme is becoming popular and has been used in the past to trick users into installing malware on their devices.
Ransomware is a screen locker. Doesn't encrypt files.
LeakerLocker makes its demands via a WebView component that it displays across all other apps, locking the user's screen until he pays a ransom.
Hoping that users opt to pay, the ransomware only asks for a $50 payment via a credit card transaction.
In June, Chinese authorities arrested two individuals distributing Android ransomware after they handled payments via traceable channels. Because the LeakerLocker group handles ransom payments in a similar way, there's a high chance that authorities could track down this group as well.