A new creative and scary ransomware virus named LeakerLocker now targets Android users and spreads using malicious apps on the Google Play Store.
Unlike typical ransomware, the LeakerLocker does not encrypt files on victim’s smartphone or tablet, but it silently downloads personal images, messages and browsing history and then threatens to share it to victim’s contacts if you don’t agree to pay a $50 ransom demand.
Security researchers have detected the LeakerLocker ransomware in at least two mobile applications — Booster & Cleaner Pro and Wallpapers Blur HD. Bothe of them already have thousands of downloads in the Google Play Store.
Once installed by a user, the infected app loads malicious code from its C&C server, which instructs it to collect all sensitive data from the victim’s smartphone.
After the process is complete, the LeakerLocker ransomware locks the device home screen and displays a message that contains details of the files it claims to have stolen and holds instructions on how to pay the ransom.
According to security analysis results, LeakerLocker can steal a victim’s email address, random contacts, Chrome browsing history, some SMS messages and calls and take a picture from the camera.
All the above information is randomly chosen to display on the device home screen, which is enough to convince the victims that lots of personal data have been copied.
Both malicious applications have already been removed from the Google Play Store, but it is likely that hackers will try to infiltrate their ransomware code into other apps.