
LeakerLocker ransomware: Hackers threaten to expose your browser history, messages and more


The new ransomware threat should not be taken lightly.


After the WannaCry and Petya ransomware attacks wreaked havoc worldwide, the issue of internet security has once again taken center stage. Even as security tools become more stringent, cybercriminals continue to find ways to stay ahead in the chase. And now a new ransomware threat, called LeakerLocker, is looming over millions of Android users worldwide.

In keeping with the usual ransomware approach, the attackers threaten to leak affected users' private data, including photos, text messages, emails, GPS location, web history and Facebook messages. Cyber security firm McAfee spotted the ransomware in two apps on the Google Play store: Wallpapers Blur HD, and Booster and Cleaner Pro.

After downloading either of the two apps, users get a pop-up message claiming that the data on their phone has been stolen and uploaded to a server in the cloud. Users are given 72 hours to pay a ransom of $50, failing which the attackers say they will share the data with every person in the victim's contacts.

“Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud,” reads the message. “No payment has been made yet. Your privacy is in danger,” another threat message appears on the screen of the affected user.

“LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time. It does not use an exploit or low-level tricks but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments,” says McAfee on its blog.

Note that the security firm points out that data is not actually stolen or accessed in every case. Even so, the threat cannot be taken lightly. “We advise users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again,” McAfee warns users.