McAfee researchers have discovered a new data security threat on the Google Play Store: malware which tries to extort $50 in exchange for not sharing your browsing history with your phone and email contacts.
LeakerLocker, as the new malware is called, acts almost like typical ransomware. However, instead of encrypting your files and demanding a ransom, this cleverly thought-out malware leverages the power of embarrassment to extort $50 from the victim in exchange for not revealing personal data to the phone’s contacts.
If the victim fails to do so, LeakerLocker will leak the following:
– Facebook messages
– Location history
– Browsing history
In order to further convince the victims to pay up, it shows snippets of their personal data, suggesting it has already been copied to a remote location.
This malware was detected in the following 2 Android apps:
– Booster & Cleaner Pro (1,000-5,000 downloads)
– Wallpapers Blur HD (5,000-10,000 downloads)
These numbers suggest that up to 15,000 people have been infected, and the malware has been present in the Play Store since at least April.
To install these apps, you must grant them a vast array of permissions, which should serve as a huge red flag all by itself.
Researchers are advising victims not to pay, since there is no guarantee that the cybercriminals will do as they promised, and no guarantee they won’t use the stolen data to blackmail them again.
Google claims to be investigating the matter, and the two malicious apps have been removed from the marketplace.