LeakerLocker – Android malware that was spotted spreading in Google Play
LeakerLocker is a new variant of Android ransomware that has been spotted spreading via two apps in Google Play store – “Wallpapers Blur HD” and “Booster & Cleaner Pro.“ This mobile malware cannot encrypt files but threatens to leak sensitive victim’s information if she or he does not pay a ransom of $50 in 72 hours.
LeakerLocker virus locks device’s screen and delivers a pop-up window as soon as the user downloads one of the infected apps. It says that malware contains this information that will be sent to each phone and email contact if criminals won’t receive a “modest ransom” within the deadline:
- Personal photos;
- Contact numbers;
- Send and received SMS;
- Phone calls history;
- Facebook messages;
- Chrome visits history;
- Full email texts;
- GPS location history.
Crooks claim that all the personal data was transferred to their secure cloud. Thus, deletion of the LeakerLocker ransomware won’t protect personal files and data. However, these words might be just a threatening tactic used by cyber criminals in order to get as many ransoms as possible. Therefore, you should not rush click “Procceed” button and make the transaction.
No one knows if crooks copied your files, if they can publish this data or if they keep their words once they receive the ransom. The research has shown that malware can access particular data by communicating with its Command and Control (C&C) server. However, the situation does not seem as crooks want to make you believe.
What is more, even if you pay the ransom, they might ask for more money later. Therefore, demanded $50 might be just the beginning of swindling your money. Thus, it’s better to remove LeakerLocker from the Android device and hope for the best.
LeakerLocker removal requires not only uninstalling malicious apps but checking the system for other suspicious components. This task might be complicated, so we suggest automatic elimination option using mobile-friendly security software, for instance Reimage.
Two malicious apps were available on Google Play store
This version of Android virus spread via two apps in the official store:
- Wallpapers Blur HD;
- Booster & Cleaner Pro.
Researchers announced about these apps and Google removed them. However, they might spread in unofficial download websites or stores. Since McAfee research team discovered LeakerLocker, these malicious apps were already downloaded thousands of times.
According to the analysis, “Wallpapers Blur HD” was downloaded 5,000 – 10,000 times. Meanwhile, the installation rate of “Booster & Cleaner Pro” is smaller. This malicious app was downloaded only from 1,000 to 5,000 times. The latter app has a pretty high rate. But judging from user’s reviews, it’s clear that they are fake.
However, “Wallpapers Blur HD” users note that the application requires access to irrelevant data, for instance, access to contacts, call logs or SMS. We want to point out that it’s important to read authorization agreements before installing the app.
If you chosen application seems to ask for lots of information that is not necessary for the operation, you should not give the access to such data. In this case, it’s obvious that wallpaper app does not need to get access to your contacts in order to operate.
It’s unknown what countries have suffered the most from this mobile malware. According to the primary data, the United States, Canada, and the United Kingdom might be at the top of the list.
Uninstall LeakerLocker from your Android smartphone
Undoubtedly, LeakerLocker removal requires uninstalling “Wallpapers Blur HD” and “Booster & Cleaner Pro” from the phone. However, we also highly recommend scanning the system with security software and eliminate all malware-related components entirely.
However, malware can block Reimage or another your preferred security software. In this case, you may need to restart your Android to the Safe Mode by following these steps:
- Press the power button and press it until you see a menu. Click on the Power off option.
- You will receive a dialog window that asks to reboot the device to Safe Mode. Thus, click OK.
If you cannot reboot your device or remove LeakerLocker manually, please check manual Android removal instructions here.