Hackers behind a new ransomware named LeakerLocker are attempting to extract money from smartphone users by threatening to release their private messages and pictures to their friends.
Hackers are delivering the LeakerLocker ransomware to smartphones through two Google Play Store apps named Wallpapers Blur HD and Booster & Cleaner Pro.
Security firm McAfee has detected a new ransomware named LeakerLocker, which hackers are using to gain access to smartphone users’ private information, including emails, contacts, text messages, browsing history and pictures.
Hackers behind the ransomware are demanding $50 from affected users and are threatening to reveal their confidential details to their friends if they fail to pay them.
“LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time. Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages, and calls, pick a picture from the camera, and read some device information,” said McAfee.
The ransomware can enter your smartphone if you download either Wallpapers Blur HD or Booster & Cleaner Pro, two Google Play Store apps that are presently being investigated by Google.
The Wallpapers Blur HD app has been downloaded between 5,000 and 10,000 times from the Google Play Store and requests access to calls, text messages and contacts. The Booster & Cleaner Pro app performs a boot operation and goes on to start a malicious activity, com.robocleansoft.boostvsclean.AdActivity, which locks the device screen.
McAfee is advising phone users not to pay ransom to the hackers as this may embolden them to launch further attacks. At the same time, there is no guarantee that the hackers will release their control over user data even if they are paid. They may even ask users to pay them more to regain access to confidential information stored on their smartphones.
This incident is another reminder of how a recent Google security policy is endangering confidential data of Android phone users.
When Google introduced Android 6.0 Marshmallow, it brought in a feature named SYSTEM_ALERT_WINDOW, thanks to which Android users could grant permissions to apps only at runtime, preventing such apps from automatically gaining dangerous permissions such as displaying themselves over any other app without notifying users.
However, this feature caused problems for popular apps like Facebook Messenger, which couldn’t display chat notifications over other apps. Considering their predicament, Google decided to do away with the feature in the Android 6.0.1 Marshmallow update.
Researchers at security firm Check Point revealed that 74% of ransomware, 57% of adware, and 14% of banker malware now abuse the update as part of their operation. They added that a malicious app can now display a permanent notification on your display screen and you won’t be able to get rid of it until you pay a ransom.
“This entails a significant potential for several malicious techniques, such as displaying fraudulent ads, phishing scams, click-jacking, and overlay windows, which are common with banking Trojans. It can also be used by ransomware to create a persistent on-top screen that will prevent non-technical users from accessing their devices,” they said.
Google told the researchers that it will bring in a fix for the said vulnerability with Android O which is expected to launch later this summer. This means that Android phone users will have to contend with the security flaw for at least another month or two.
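The permission pattern described above (access to contacts, text messages and calls, a boot-time start, and drawing over other apps) can be checked for in a decoded AndroidManifest.xml before an app is allowed onto managed devices. The script below is an added example, not code from McAfee, Check Point or either app; the sample manifest, its package name and the function name triage_manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
PRIVATE_DATA = {P + "READ_CONTACTS", P + "READ_SMS", P + "READ_CALL_LOG"}
OVERLAY = P + "SYSTEM_ALERT_WINDOW"
BOOT_PERMISSION = P + "RECEIVE_BOOT_COMPLETED"
BOOT_ACTION = "android.intent.action.BOOT_COMPLETED"

# Constructed sample manifest (hypothetical package, not taken from either app).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.cleaner">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
  <application>
    <receiver android:name=".BootReceiver">
      <intent-filter>
        <action android:name="android.intent.action.BOOT_COMPLETED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

def triage_manifest(xml_text):
    """Return a list of findings for a decoded AndroidManifest.xml."""
    root = ET.fromstring(xml_text)
    name = ANDROID_NS + "name"
    perms = {e.get(name) for tag in ("uses-permission", "uses-permission-sdk-23")
             for e in root.iter(tag)}
    boot_receivers = [r.get(name) for r in root.iter("receiver")
                      if any(a.get(name) == BOOT_ACTION for a in r.iter("action"))]
    findings = []
    data = sorted(p[len(P):] for p in perms & PRIVATE_DATA)
    if data:
        findings.append("reads private data: " + ", ".join(data))
    if OVERLAY in perms:
        findings.append("can draw over other apps (SYSTEM_ALERT_WINDOW)")
    if BOOT_PERMISSION in perms and boot_receivers:
        findings.append("starts at boot via " + ", ".join(boot_receivers))
    # The combination, not any single permission, is what merits manual review.
    if len(findings) == 3:
        findings.append("REVIEW: boot persistence + overlay + private data access")
    return findings

if __name__ == "__main__":
    for line in triage_manifest(SAMPLE_MANIFEST):
        print(line)
```

Many legitimate apps hold one or two of these permissions, so the script only raises the REVIEW finding when all three behaviours appear together.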