
Google Removes Android Apps Containing LeakerLocker Ransomware

It has been a while since we last saw a prominent ransomware threat in the mobile ecosystem. Such types of malware are still somewhat uncommon, but there are certainly developers looking to tap into this new pool of victims. LeakerLocker ransomware has been found in at least two different Android apps on the Google Play Store so far. This is quite disturbing, as it appears the developers are still able to get their malicious software onto the Play Store with relative ease.

LeakerLocker Ransomware is a New Threat

It is good to see Google take such aggressive action when it comes to removing applications containing malware. The company has had to intervene several times during the past year or so. As a result of this latest effort, two applications containing the LeakerLocker ransomware have been forcefully removed from the Play Store in quick succession.

Unlike what we have come to expect from this type of malware, LeakerLocker does not care too much about encrypting files. That is somewhat strange, since ransomware usually demands payment for the decryption of files. LeakerLocker is different and simply locks the entire mobile device. Victims are then greeted with a message claiming that the hackers will send the device’s private data to their friends and family if a ransom is not paid.

This is not exactly ransomware in the traditional sense, since it feels closer to blackmail. This is more of a doxware strain than anything else. Luckily, the threats made by such software are often hollow and can be disregarded without major repercussions. This includes LeakerLocker, which is the one silver lining in all of this.


Even though both applications containing this doxware have been removed by Google, they have been downloaded by thousands of users already. It is believed there have been a total of 15,000 downloads for both apps combined. Both applications are part of a rewards program which offers users financial incentives to install third-party apps on their device. Such a scheme also leaves the door wide open for distributing malware.

It appears LeakerLocker does not leverage any known exploit on the Android operating system. It only works because the users who install the associated apps give it the necessary permissions to potentially cause harm. The malware can access user data, including email addresses, contacts, text messages, pictures, and the call history. However, this information is not transferred to a third-party server, which means it probably will not be sent to friends and family either.

This particular type of ransomware does not ask for a cryptocurrency payment. Instead, victims need to cough up $50 through a credit card payment. These developers understand that cryptocurrency payments do not provide the anonymity criminals so desperately need. It is far easier to rely on traditional payment methods. There is no evidence of any LeakerLocker victim making such a payment.

JP Buntinx

JP Buntinx is a FinTech and Bitcoin enthusiast living in Belgium. His passion for finance and technology made him one of the world's leading freelance Bitcoin writers, and he aims to achieve the same level of respect in the FinTech sector.
