The federal government has warned Australians of a new form of ransomware that threatens to share your internet browser history if a payment isn’t made.
The malware, which was discovered by McAfee’s Mobile Malware Research Team, claims to have made a copy of a user’s browsing history, photos, texts and other personal data and threatens to send this to all contacts if a ransom of $US50 ($63) isn’t paid.
Dubbed LeakerLocker, the ransomware has been found in two Android apps so far: Wallpapers Blur HD and Booster & Cleaner Pro.
“LeakerLocker claims to have made an unauthorised backup of a phone’s sensitive information that could be leaked to a user’s contacts unless it receives a ‘modest ransom’,” McAfee’s Fernando Ruiz and ZePeng Chen said in a blog post.
The federal government, through its Stay Smart Online initiative, issued a warning about the new threat, and advised anyone that has downloaded the app to uninstall it immediately, not pay the ransom and clear browser history.
McAfee also advises users to not pay the ransom.
“Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again,” the post said.
The two infected apps have been reported to Google, which is currently investigating.
The Wallpapers app has been downloaded between 5-10,000 times, while Booster & Cleaner Pro has been downloaded between 1-5,000 times. Both have been rated relatively highly, but as McAfee said, fake reviews are very common in fraudulent apps.
After being downloaded, the apps then request permission from smartphone owners to access personal phone data.
“Due to the nature of this kind of application, users could be more willing to allow access to almost any permission,” Ruiz and Chen said.
The app then later locks the phone’s home screen and accesses private information in the background thanks to already being granted permission. A message will then appear on the phone reading:
“In less then [sic] 72 hours this data will be sent to every person from your telephone and email contacts list. To abort this action you have to pay a modest ransom of $50.”
But according to McAfee, it’s unlikely that the malware actually has access to all the information that it claims.
“Not all the private data that the malware claims to access is read or leaked,” the post said.
“The ransomware can read a victim’s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera and read some device information.
“All this information is randomly chosen to display via JavaScript and convince the victims that lots of data has been copied.”
To avoid malware of this type, the government has advised Australians to carefully read reviews of applications before downloading them, and check the permission they request. They also said people should regularly clear their browsing history and backup devices continually.
The new cyber threat comes after two significant global ransomware attacks this year. These attacks instead mainly targeted businesses, locking a computer’s files and demanding a ransom to be paid in bitcoin.
Australian Computer Society president Anthony Wong said the recent cyber attacks show “just how vulnerable our way of life has become”.
“Technology has delivered us incredible advances, but also incredible vulnerabilities,” Wong said. “This is the reality of our technology-dependent society and it is telling that it has been predicted many times over, with little action taken.”
