New Android ransomware has been discovered by McAfee that, rather than encrypting files, instead threatens to send private information from a smartphone to the victim’s contacts.
McAfee uncovered the LeakerLocker threat, which it has found lurking in two apps in the Google Play Store: ‘Wallpapers Blur HD’ and ‘Booster & Cleaner Pro.’ Both are well-rated and appear to have been downloaded thousands of times.
It isn’t your average Android malware threat, though; as McAfee notes in its research, instead of encrypting a user’s files and making them inaccessible, LeakerLocker instead threatens to send the user’s private data to friends from his contact list.
According to the lock screen message displayed by LeakerLocker, the malware gathers a user’s photos, text messages, call history, Facebook messages, Google Chrome browser data, emails and GPS location history.
“LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time. It does not use an exploit or low-level tricks, but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments,” explained McAfee’s threat advisory.
“Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information.”
The ransomware, or ‘Doxware’, asks for a $50 payment via a credit card transaction and demands that users pay within 72 hours.
“We advise users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks,” McAfee advises. “Also, there is no guarantee that the information will be released or used to blackmail victims again.”
Google has been alerted to the threat by McAfee and says is currently investigating it.