Two applications that contained a new strain of ransomware known as LeakerLocker have been removed from the Google Play store. Rather than encrypt user files, according to McAfee, the ransomware in question locked the device and threatened to spread sensitive data.

Ransomware has become big news in recent weeks. More than 200,000 computers were hit by the first wave of the WannaCry ransomware attack in May, and researchers concluded that the Petya variant attacks that started on June 27 were intended to destroy data in Ukraine.

LeakerLocker Lurks in Android Apps

The McAfee team, which reported the threat to Google, identified the threat as Android/Ransom.LeakerLocker.A!Pkg. This new breed of ransomware was discovered in a wallpaper changer app known as Wallpapers Blur HD and a memory-boosting app called Booster & Cleaner Pro.

Upon successful installation, the ransomware locks the device’s home screen and accesses private information in the background through permissions granted during installation. The app can remotely load .dex code from its control server to change behavior and avoid detection.

Bleeping Computer reported that this type of ransomware, also referred to as doxware, has been seen before, but most of the earlier threats were empty.

Once it infects a device, LeakerLocker displays a message claiming that it has backed up the victim’s personal data to a secure cloud, McAfee reported. Then the malware attempts to extort a $50 ransom from the victim to prevent the spreading of private information to his or her contacts.

Don’t Trust the Reviews

Both Wallpapers Blur HD and Booster & Cleaner Pro apps received relatively good ratings on Google Play. However, McAfee researchers noted that fake reviews are common in fraudulent apps. However, one potentially real reviewer of Wallpapers Blur HD questioned why the app requested irrelevant permissions, such as making calls, sending SMS messages and accessing contacts.

McAfee experts have not identified code to help transfer user information to a remote server or to distribute personal contacts. Even if the ransomware is a scam, it would be unwise to rule out the possibility that it could download an additional module from its server to make good on its threat to disseminate personal data.

Google removed both apps. Unfortunately, Wallpapers Blur HD gathered between 5,000 and 10,000 downloads, while Booster & Cleaner Pro was downloaded between 1,000 and 5,000 times.

Responding to Ransomware

McAfee researchers advised users of infected devices not to pay the ransom, since doing so would help to support the malware business and increase the likelihood of further attacks. There is also no guarantee that the information will be released to victims upon payment of the ransom.

According to Graham Cluley, users can protect their devices from locker- and encryption-based mobile ransomware by only downloading apps from trusted developers. Android users should also back up their mobile data on a regular basis and install antivirus software.

More from

Did Brazil DSL Modem Attacks Change Device Security?

From 2011 to 2012, millions of Internet users in Brazil fell victim to a massive attack against vulnerable DSL modems. By configuring the modems remotely, attackers could redirect users to malicious domain name system (DNS) servers. Victims trying to visit popular websites (Google, Facebook) were instead directed to imposter sites. These rogue sites then installed malware on victims' computers.According to a report from Kaspersky Lab Expert Fabio Assolini citing statistics from Brazil's Computer Emergency Response Team, the attack ultimately infected…

Who Carries the Weight of a Cyberattack?

Almost immediately after a company discovers a data breach, the finger-pointing begins. Who is to blame? Most often, it is the chief information security officer (CISO) or chief security officer (CSO) because protecting the network infrastructure is their job. Heck, it is even in their job title: they are the security officer. Security is their responsibility. But is that fair – or even right? After all, the most common sources of data breaches and other cyber incidents are situations caused…

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

Securing Your SAP Environments: Going Beyond Access Control

Many large businesses run SAP to manage their business operations and their customer relations. Security has become an increasingly critical priority due to the ongoing digitalization of society and the new opportunities that attackers exploit to achieve a system breach. Recent attacks related to corrupt data, stealing personal information and escalating privileges for remote code execution all highlight the new and varied entry points threat actors have taken advantage of. Attackers with the appropriate skills could be able to exploit…