Thousands of Android users are being held to ransom by a new strain of malware known as LeakerLocker.
The so-called ransomware is being used by hackers to extort victims by threatening to leak their personal information to all their contacts unless a ransom is paid.
This information could potentially include photos, text messages, website histories, Facebook chats, GPS locations and email correspondence – essentially anything stored on the victim’s phone.
The LeakerLocker ransomware was detected by cyber security firm McAfee in two apps on Google’s official Play Store – one called “Wallpapers Blur HD” and another called “Booster & Cleaner Pro”.
Anyone who downloads one of these apps receives a pop-up message stating that the data from their smartphone had been stolen and uploaded to a secure server in the cloud.
“In less than 72 hours this data will be sent to every person from your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50,” the message states.
“Please note that there is no way to delete your data from our secure but paying for them. Powering off or even damaging your smartphone won’t affect your data in the cloud.”
A payment threat is then placed on the device’s screen, stating: “No payment has been made yet. Your privacy is in danger.”
If the victim gives in and pays the ransom, another message appears, stating: “Your personal data has been deleted from our servers and your privacy is secured.”
Despite the hacker’ threats, McAfee warns against paying the ransom, as there is no guarantee that the information will be released.
Acquiescing to the hackers’ demands also contributes to the spread of this type of cyber attack.
Security researchers Fernando Ruiz and ZePeng Chen said that, although hackers are able to access some personal data on compromised phones, their claims are overblown.
“Not all the private data that the malware claims to access is read or leaked,” they wrote in a blog post.
“The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information.”
McAfee said that Google has been made aware of the malicious apps and has launched an investigation. Both apps have now been removed from the Google Play store.