July 11, 2017 By Mark Samuels 2 min read

Two applications that contained a new strain of ransomware known as LeakerLocker have been removed from the Google Play store. Rather than encrypt user files, according to McAfee, the ransomware in question locked the device and threatened to spread sensitive data.

Ransomware has become big news in recent weeks. More than 200,000 computers were hit by the first wave of the WannaCry ransomware attack in May, and researchers concluded that the Petya variant attacks that started on June 27 were intended to destroy data in Ukraine.

LeakerLocker Lurks in Android Apps

The McAfee team, which reported the threat to Google, identified the threat as Android/Ransom.LeakerLocker.A!Pkg. This new breed of ransomware was discovered in a wallpaper changer app known as Wallpapers Blur HD and a memory-boosting app called Booster & Cleaner Pro.

Upon successful installation, the ransomware locks the device’s home screen and accesses private information in the background through permissions granted during installation. The app can remotely load .dex code from its control server to change behavior and avoid detection.

Bleeping Computer reported that this type of ransomware, also referred to as doxware, has been seen before, but most of the earlier threats were empty.

Once it infects a device, LeakerLocker displays a message claiming that it has backed up the victim’s personal data to a secure cloud, McAfee reported. Then the malware attempts to extort a $50 ransom from the victim to prevent the spreading of private information to his or her contacts.

Don’t Trust the Reviews

Both Wallpapers Blur HD and Booster & Cleaner Pro apps received relatively good ratings on Google Play. However, McAfee researchers noted that fake reviews are common in fraudulent apps. However, one potentially real reviewer of Wallpapers Blur HD questioned why the app requested irrelevant permissions, such as making calls, sending SMS messages and accessing contacts.

McAfee experts have not identified code to help transfer user information to a remote server or to distribute personal contacts. Even if the ransomware is a scam, it would be unwise to rule out the possibility that it could download an additional module from its server to make good on its threat to disseminate personal data.

Google removed both apps. Unfortunately, Wallpapers Blur HD gathered between 5,000 and 10,000 downloads, while Booster & Cleaner Pro was downloaded between 1,000 and 5,000 times.

Responding to Ransomware

McAfee researchers advised users of infected devices not to pay the ransom, since doing so would help to support the malware business and increase the likelihood of further attacks. There is also no guarantee that the information will be released to victims upon payment of the ransom.

According to Graham Cluley, users can protect their devices from locker- and encryption-based mobile ransomware by only downloading apps from trusted developers. Android users should also back up their mobile data on a regular basis and install antivirus software.

More from

How to craft a comprehensive data cleanliness policy

3 min read - Practicing good data hygiene is critical for today’s businesses. With everything from operational efficiency to cybersecurity readiness relying on the integrity of stored data, having confidence in your organization’s data cleanliness policy is essential.But what does this involve, and how can you ensure your data cleanliness policy checks the right boxes? Luckily, there are practical steps you can follow to ensure data accuracy while mitigating the security and compliance risks that come with poor data hygiene.Understanding the 6 dimensions of…

2024 roundup: Top data breach stories and industry trends

3 min read - With 2025 on the horizon, it’s important to reflect on the developments and various setbacks that happened in cybersecurity this past year. While there have been many improvements in security technologies and growing awareness of emerging cybersecurity threats, 2024 was also a hard reminder that the ongoing fight against cyber criminals is far from over.We've summarized this past year's top five data breach stories and industry trends, with key takeaways from each that organizations should note going into the following…

Black Friday chaos: The return of Gozi malware

4 min read - On November 29th, 2024, Black Friday, shoppers flooded online stores to grab the best deals of the year. But while consumers were busy filling their carts, cyber criminals were also seizing the opportunity to exploit the shopping frenzy. Our system detected a significant surge in Gozi malware activity, targeting financial institutions across North America. The Black Friday connection Black Friday creates an ideal environment for cyber criminals to thrive. The combination of skyrocketing transaction volumes, a surge in online activity…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today