Ransomware Lurking In Google Apps Threatens To Send Your Web History, Photos To Your Friends


A creative strain of Android ransomware, which is programmed to send victims’ personal information and web history to their contacts, has been found lurking in the Google Play Store.

Cyber security experts at McAfee found that the ransomware, dubbed LeakerLocker, does not behave like traditional ransomware; instead, it makes a copy of the user's data and threatens to share it with phone and email contacts.

As with any ransomware, however, money is involved: the hackers ask for $50 in exchange for not sending users' web history, emails, current or previous location, Facebook messages, and text messages to their family and friends.

Wallpapers Blur HD and Booster & Cleaner, two applications in the Google Play Store marked 'safe' with standard ratings, carry the threat, which infects your phone and demands a $50 ransom.

Wallpapers Blur HD has been downloaded between 5,000 and 10,000 times and has a rating of 3.6 stars (out of five). Booster & Cleaner Pro has between 1,000 and 5,000 downloads and a 4.5-star rating. Since both applications have good ratings, researchers believe the hackers gave them fake reviews.

According to McAfee, the fraudulent apps request irrelevant permissions such as making calls, reading and sending text messages, and accessing personal contacts.
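A mismatch between an app's stated purpose and its requested permissions can be checked from a decoded `AndroidManifest.xml`. The following is an added example, not code from McAfee or from the article: the sample manifest, the package name, and the per-category baseline are constructed assumptions, and the mapping of the article's wording to Android permission names is this example's own.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions corresponding to the capabilities the article lists
# (the mapping from the article's wording is an assumption of this example).
SENSITIVE = {
    "android.permission.CALL_PHONE": "make calls",
    "android.permission.READ_SMS": "read text messages",
    "android.permission.SEND_SMS": "send text messages",
    "android.permission.READ_CONTACTS": "read personal contacts",
}

# Hypothetical baseline: sensitive permissions each app category can justify.
EXPECTED = {
    "wallpaper": set(),
    "cleaner": set(),
    "messaging": {"android.permission.READ_SMS",
                  "android.permission.SEND_SMS",
                  "android.permission.READ_CONTACTS"},
}

# Constructed sample: a decoded manifest for a made-up wallpaper app.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for el in root.iter(tag):
            name = el.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def unjustified(manifest_xml, category):
    """Sensitive permissions requested but not expected for the category."""
    allowed = EXPECTED.get(category, set())  # unknown category: allow none
    asked = requested_permissions(manifest_xml)
    return sorted(p for p in asked if p in SENSITIVE and p not in allowed)

if __name__ == "__main__":
    for perm in unjustified(SAMPLE_MANIFEST, "wallpaper"):
        print(f"unexpected for a wallpaper app: {perm} ({SENSITIVE[perm]})")
```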

When users grant permissions during installation, LeakerLocker locks the home screen and accesses private information in the background.

A message is displayed that contains details of the data it claims to have stolen and holds instructions on how to pay the ransom to ensure the information is deleted.

Though the experts say the ransomware has only limited access, they agree it can read a victim's email address, personal contacts, Chrome history, text messages and calls, pick a picture from the camera, and read device information.

The information shown to the victim is chosen at random from what was accessed and displayed via JavaScript, but the hackers try to convince victims that a lot of data has been copied to their server, so that the victims panic and decide to make the payment.


McAfee says users must not pay the $50 ransom:

“Doing so [paying the ransom] contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again.”

UPDATE:

When McAfee informed Google about LeakerLocker, the search engine promptly removed both applications from its Play Store.