
LeakerLocker Ransomware Targeting Android Devices to Extract and Leak Data

Posted: July 12, 2017

Android devices have continuously been a target of different types of malware. This new threat is called LeakerLocker (its full name is Android/Ransom.LeakerLocker.A!Pkg) and is of the extortionware type, a less common version of the popular ransomware. The method of propagation this time is seemingly legitimate apps on the Google Play Store. Two Android applications are confirmed to be spreading LeakerLocker – Cleaner Pro and Wallpapers Blur HD.

LeakerLocker Spreading Culprit #1: Wallpapers Blur HD

Wallpapers Blur HD has allegedly been downloaded by somewhere between 5,000 and 10,000 Android users. One wary user had noticed the excessive permissions (access to contacts, SMS, calls, etc.) that Wallpapers Blur HD requests and left a review noting this.

LeakerLocker Spreading Culprit #2: Booster & Cleaner Pro

This application has been less popular than Wallpapers Blur HD, with only 1,000 to 5,000 downloads. Oddly enough, this app's malicious intentions have apparently gone under the radar of its users, who have given it a rating of 4.5 out of 5 stars! This, however, could be explained by the nature of the service that Booster & Cleaner Pro offers.

Unlike Wallpapers Blur HD, which arouses suspicion when it asks for all the permissions previously mentioned, Booster & Cleaner Pro is meant to boost the functionality and efficiency of one's Android device as a whole. With this in mind, it doesn't appear nearly as worrying when this app asks for access to so many functions, and the user is much more likely to grant the permissions it requires.

Once the app has the permissions it was looking for and appears to be functioning like an ordinary booster app, it locks the screen of the Android device. It then proceeds to go through the victim's data. LeakerLocker claims to be able to access and make a copy of all of the user's data. This is not true. Only a part of the data is available to the threat – it can read some of the information about the device it has infiltrated, get some of its texts, the Chrome history, several calls, a few random contacts, the user's email address, and one photo from the camera roll. To lure the user into believing that LeakerLocker has all the data it claims, the threat presents the victim with a JavaScript list of the supposedly hijacked data.
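The permission mismatch described above can be checked mechanically instead of being left to a wary reviewer. The following is an added example, not code from the original article or from any analysis of LeakerLocker: it reads a decoded AndroidManifest.xml and reports requests for personal data that the app's stated function does not need. The manifest, the package name and the per-category baseline are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Android permissions guarding the kinds of data the article lists.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.READ_SMS": "SMS",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.GET_ACCOUNTS": "account e-mail address",
    "android.permission.READ_EXTERNAL_STORAGE": "photos",
    "com.android.browser.permission.READ_HISTORY_BOOKMARKS": "browser history",
}

# Assumed baseline: sensitive permissions each app category plausibly needs.
EXPECTED = {
    "wallpaper": {"android.permission.READ_EXTERNAL_STORAGE"},
    "cleaner": {"android.permission.READ_EXTERNAL_STORAGE"},
}

# Constructed manifest for illustration; not taken from either app.
SAMPLE_MANIFEST = """<manifest package="com.example.constructed.wallpaper"
    xmlns:android="http://schemas.android.com/apk/res/android">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_EXTERNAL_STORAGE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CALL_LOG"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return every permission name the manifest declares."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for element in root.iter(tag):
            name = element.get(ANDROID_NS + "name")
            if name:
                names.add(name)
    return names

def audit(manifest_xml, category):
    """List (permission, data type) pairs the category baseline does not cover."""
    allowed = EXPECTED.get(category, set())  # unknown category: nothing allowed
    found = requested_permissions(manifest_xml)
    return sorted((p, SENSITIVE[p]) for p in found
                  if p in SENSITIVE and p not in allowed)

if __name__ == "__main__":
    for permission, data in audit(SAMPLE_MANIFEST, "wallpaper"):
        print(f"unexpected for a wallpaper app: {permission} ({data})")
```

Because the baseline is tied to what the app does and not to how plausible the request feels, the same findings come back when the category is "cleaner".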

What Happens If Your Device is Infected

It's not that surprising that this has gone unnoticed by ordinary Android users, as the apps do offer what they claim: they both function as intended but hide a Trojan payload. The creators of LeakerLocker ask for a "modest" ransom of $50 to unlock the infiltrated device and wipe the stolen data from their servers. However, unless their demands are met within 72 hours of infection, the cyber crooks claim that the data they've collected from the user will be sent to every phone number and email address on the victim's phone. Despite the fact that some cyber criminals know well how to employ social engineering tactics and basically bully their victims into paying them, we urge you not to go down this road. Not only will you sponsor them to create more of those pests, but there is also no guarantee that the authors of the malware will keep their part of the deal.
