Android users are being warned to be on the lookout for a new type of ransomware that threatens to leak their private data to anyone in their contact book.
Dubbed LeakerLocker, the malicious software is being spread through bogus apps on the Google Play store.
Once installed, the malware claims to have made a backup of personal images, messages, browsing history and other sensitive information.
It then threatens to forward these details to all of the user's family, friends and colleagues stored on the device, unless a ransom of $50 (£38) is paid.
It was found in two applications in the Google Play Store, Wallpapers Blur HD and Booster & Cleaner Pro, both of which have thousands of downloads. Both are trojans that offer apparently normal functions, but they ask for excessive permissions (such as access to calls, reading and sending SMS messages, and access to contacts). Once installed, LeakerLocker locks the home screen and uses those permissions to tap the victim’s email address, random contacts, Chrome history, some text messages and calls, pictures from the camera, and some device information. If a victim pays the fee, a window pops up that says, “Your [sic] personal data has been deleted from our servers and your privacy is secured.”
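The mismatch described above, between what an app claims to do and the permissions it requests, can be checked before installation. The following is an added example, not code from McAfee or from the article: it assumes the manifest has already been decoded to text XML, and the mapping from the article's permission list to concrete Android permission names, the category policy and the sample manifest are all constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Groups follow the article's list (calls, reading/sending SMS, contacts).
# Mapping them to these permission names is this example's assumption.
SENSITIVE = {
    "android.permission.READ_CALL_LOG": "calls",
    "android.permission.READ_PHONE_STATE": "calls",
    "android.permission.READ_SMS": "sms-read",
    "android.permission.RECEIVE_SMS": "sms-read",
    "android.permission.SEND_SMS": "sms-send",
    "android.permission.READ_CONTACTS": "contacts",
}

# Hypothetical policy: sensitive groups each app category plausibly needs.
EXPECTED = {
    "wallpaper": set(),
    "cleaner": set(),
    "messaging": {"sms-read", "sms-send", "contacts"},
}

def requested_groups(manifest_xml):
    """Return the sensitive permission groups a decoded manifest requests."""
    root = ET.fromstring(manifest_xml)
    groups = set()
    for el in root.iter("uses-permission"):
        name = el.get(ANDROID_NS + "name")
        if name in SENSITIVE:
            groups.add(SENSITIVE[name])
    return groups

def excessive(manifest_xml, category):
    """Groups requested beyond the category's policy; unknown categories
    are treated as needing none, so everything sensitive is flagged."""
    return sorted(requested_groups(manifest_xml) - EXPECTED.get(category, set()))

# Constructed sample: a wallpaper app asking for the access the article lists.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CALL_LOG"/>
</manifest>"""

if __name__ == "__main__":
    print(excessive(SAMPLE_MANIFEST, "wallpaper"))
```

The same manifest checked as a messaging app flags only the call-log access, which is why the comparison is made against the app's stated purpose rather than against a fixed blocklist.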
McAfee researchers warned that the app also can remotely load code from its control server, “so the functionality can be unpredictable, extended or deactivated to avoid detection in certain environments.”
The malware is a bit of a sham, however: Bits and pieces of information are randomly chosen to display and convince the victims that all of their data has been copied. In reality, it’s unlikely the authors have made complete copies of the information.
McAfee said that Google has been made aware of the malicious apps and has launched an investigation.
Google has removed both apps, but before this, the first app managed to gather between 5,000 and 10,000 downloads, while the second was downloaded between 1,000 and 5,000 times.
Based on user comments, both apps appear to have been part of a rewards program that gave users small amounts of money to install an app on their device. This type of distribution scheme is becoming popular and has been used in the past to trick users into installing malware on their devices.
In June, Chinese authorities arrested two individuals distributing Android ransomware after they handled payments via traceable channels. Because the LeakerLocker group handles ransom payments in a similar way, there's a high chance that authorities could track down this group as well. Below is what a standard LeakerLocker ransom note looks like.