Tuesday, July 11, 2017

Beware: New Android Malware Will Leak Privacy To Friends

Thousands of Android users may be at risk from a newly discovered form of malware which attempts to extort victims by threatening to leak a trove of personal information, including photos, website histories and text messages, unless a 'ransom' is paid to the hackers.

Dubbed 'LeakerLocker' by experts from cybersecurity firm McAfee, it demands $50 (£39) per victim to prevent the release of potentially sensitive data, which also includes Facebook chats, GPS locations and email correspondence, to the device's stored contact list.

It's a departure from the traditional approach of mobile ransomware, which typically keeps sensitive files cloaked via strong encryption until a fee is paid.

This scam is known as doxware, with the hackers claiming the smartphone's data is stolen and uploaded directly to a secure server in the cloud.

Upon infection, a 'ransom' note warns: "In less than 72 hours this data will be sent to every person from your telephone and email contacts list.

"To abort this action you have to pay a modest ransom of $50. Please note that there is no way to delete your data from our secure but paying for them (sic). Powering off or even damaging your smartphone won't affect your data in the cloud."

Two apps on Google's official Play Store were found to be carrying the malware, titled "Wallpapers Blur HD" (between 5,000 and 10,000 downloads) and "Booster & Cleaner Pro" (between 1,000 and 5,000 downloads), each updated in the last three months.

Taking Booster & Cleaner Pro as an example, McAfee experts Fernando Ruiz and ZePeng Chen explained in their analysis that the malicious payload is only able to work if the victim grants a slew of heightened permissions upon installation.

When launched for the first time, the fake booster app – advertised as a way of speeding up a device – appears to be legitimate. However, its covert activity quickly kicks into gear by locking down the victim's home screen with an overlay page displaying the ransom note.

It has the capability of displaying private information (because the victim unwittingly granted it access) in the background.

LeakerLocker does not use any mobile exploits; however, it can remotely add malicious code to help it "avoid detection in certain environments".

In its report, McAfee was unable to provide concrete analysis about whether the compromised files were actually sent to an external server. The hackers may be scammers, given that "not all the private data" the malware claimed to access was actually read, the experts said.

What is set up is the payment channel, the researchers asserted.

If successful, a message states "our [sic] personal data has been deleted from our servers and your privacy is secured" and if not it states "no payment has been made yet. Your privacy is in danger".

It remains unknown how much money the hackers have accumulated in the scheme.


Author:

TruTechs Is A Top-notch Blog That Brings To You The Latest Technology News, Internet Tips, How To, Gadget Reviews And Much More. Always Stay Informed In The World Of Technology As We Ensure That The Best Tech Information Reaches You Quickly At No Cost. Subscribe For Free And Always Visit This Blog Asap. Your Satisfaction Is Important To Us! Thank You!
