July 11, 2017 By Mark Samuels 2 min read

Two applications that contained a new strain of ransomware known as LeakerLocker have been removed from the Google Play store. Rather than encrypt user files, according to McAfee, the ransomware in question locked the device and threatened to spread sensitive data.

Ransomware has become big news in recent weeks. More than 200,000 computers were hit by the first wave of the WannaCry ransomware attack in May, and researchers concluded that the Petya variant attacks that started on June 27 were intended to destroy data in Ukraine.

LeakerLocker Lurks in Android Apps

The McAfee team, which reported the threat to Google, identified the threat as Android/Ransom.LeakerLocker.A!Pkg. This new breed of ransomware was discovered in a wallpaper changer app known as Wallpapers Blur HD and a memory-boosting app called Booster & Cleaner Pro.

Upon successful installation, the ransomware locks the device’s home screen and accesses private information in the background through permissions granted during installation. The app can remotely load .dex code from its control server to change behavior and avoid detection.

Bleeping Computer reported that this type of ransomware, also referred to as doxware, has been seen before, but most of the earlier threats were empty.

Once it infects a device, LeakerLocker displays a message claiming that it has backed up the victim’s personal data to a secure cloud, McAfee reported. Then the malware attempts to extort a $50 ransom from the victim to prevent the spreading of private information to his or her contacts.

Don’t Trust the Reviews

Both Wallpapers Blur HD and Booster & Cleaner Pro apps received relatively good ratings on Google Play. However, McAfee researchers noted that fake reviews are common in fraudulent apps. However, one potentially real reviewer of Wallpapers Blur HD questioned why the app requested irrelevant permissions, such as making calls, sending SMS messages and accessing contacts.

McAfee experts have not identified code to help transfer user information to a remote server or to distribute personal contacts. Even if the ransomware is a scam, it would be unwise to rule out the possibility that it could download an additional module from its server to make good on its threat to disseminate personal data.

Google removed both apps. Unfortunately, Wallpapers Blur HD gathered between 5,000 and 10,000 downloads, while Booster & Cleaner Pro was downloaded between 1,000 and 5,000 times.

Responding to Ransomware

McAfee researchers advised users of infected devices not to pay the ransom, since doing so would help to support the malware business and increase the likelihood of further attacks. There is also no guarantee that the information will be released to victims upon payment of the ransom.

According to Graham Cluley, users can protect their devices from locker- and encryption-based mobile ransomware by only downloading apps from trusted developers. Android users should also back up their mobile data on a regular basis and install antivirus software.

More from

How governance, risk and compliance (GRC) addresses growing data liability concerns

4 min read - In an era where businesses increasingly rely on artificial intelligence (AI) and advanced data capabilities, the effectiveness of IT services is more critical than ever. Yet despite the advancements in technology, business leaders are increasingly dissatisfied with their IT departments.According to a study by IBM's Institute for Business Value, confidence in the effectiveness of basic IT services among top executives has significantly declined. While AI promises transformational capabilities, particularly generative artificial intelligence (gen AI), the road to realizing these benefits…

Risk, reward and reality: Has enterprise perception of the public cloud changed?

4 min read - Public clouds now form the bulk of enterprise IT environments. According to 2024 Statista data, 73% of enterprises use a hybrid cloud model, 14% use multiple public clouds and 10% use a single public cloud solution. Multiple and single private clouds make up the remaining 3%.With enterprises historically reticent to adopt public clouds, adoption data seems to indicate a shift in perception. Perhaps enterprise efforts have finally moved away from reducing risk to prioritizing the potential rewards of public cloud…

Cybersecurity Awareness Month: Horror stories

4 min read - When it comes to cybersecurity, the question is when, not if, an organization will suffer a cyber incident. Even the most sophisticated security tools can’t withstand the biggest threat: human behavior.October is Cybersecurity Awareness Month, the time of year when we celebrate all things scary. So it seemed appropriate to ask cybersecurity professionals to share some of their most memorable and haunting cyber incidents. (Names and companies are anonymous to avoid any negative impact. Suffering a cyber incident is bad…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today