Privacy-exposing ransomware

Watch out for…

Protect Your Tech - watch outPrivacy-exposing ransomware

What’s the threat?

A new strain of ransomware threatens to spread your private information to your contacts unless you pay “a modest ransom” of $50 within 72 hours. This is a different tactic to most ransomware, which encrypts your files.

Called LeakerLocker, it is Android malware found in two apps that had been installed thousands of times from the Google Play store. One, called Wallpapers Blur HD, contained wallpapers you can download on your phone and tablet, while the other, called Booster & Cleaner Pro, claimed to speed up your device. The former was last updated in April; the latter in June.

When it strikes, LeakerLocker shows the message: “All personal data from your smartphone has been trasfered (sic) to our secure cloud” (see screenshot). It claims this data includes photos, emails, texts and contact numbers. Security researchers from US company McAfee, who discovered LeakerLocker, confirmed that it can access your data. But they added there’s no evidence it actually uploads this information to its server (read more at www.snipca.com/24930). 

How can you stay safe?

Always check an app’s reviews, because some comments reveal the suspicious behaviour typical of malware. For example, one review for Wallpapers Blur HD complained about it asking for “irrelevant permissions”, such as access to the phone’s contacts list. Indeed, one of the surest signs that an app is up to no good is requesting permissions that it doesn’t need.

Google has removed both apps, eliminating the immediate danger. But we expect to see more examples of ransomware that threaten to release private information, a form of attack called ‘doxing’. Previously hackers targeted specific people, including journalists and members of the Ku Klux Klan, but LeakerLocker suggests they may be growing more indiscriminate.

New tools

Protect Your Tech - new toolsAndroid’s ‘panic mode’

Possibly the greatest advice ever offered comes on the back of The Hitchhiker’s Guide to the Galaxy: don’t panic. But panic is what many people do when they fear their phone has been hacked. Google, which makes the mobile operating system Android, noticed that users rapidly press the back button when their device starts behaving oddly, particularly when the screen has been unexpectedly locked.

So, cleverly, Google has turned this frantic reaction into a ‘panic mode’. If an Android user taps the back button four times in quick succession, the phone assumes you need help. It will instantly close any app that’s running, suspecting it to be malware, and return you to the home screen. From here you’ll hopefully be able to uninstall any apps causing problems.

Its main purpose could be as an emergency escape from ransomware (such as LeakerLocker – see above), but at the moment it’s available only in devices running Android 7.1 (Nougat), and has to be activated by the manufacturer. To find out what version your phone is running, tap the Settings icon (usually a cog), then scroll down and tap ‘About phone’. Let’s hope this valuable tool soon becomes standard across all devices.

Scam Watch!ScamWatch

Readers warn readers

Ignore Tesco scam’s freebies 

What is it about scammers and supermarkets? In Issue 503’s ScamWatch reader Jean Atkinson warned about a fake Sainsbury’s voucher on Facebook. And in the past few months I’ve received scam texts and emails claiming to be from Tesco. The email said I had been “exclusively selected” for a £1,000 prize draw. I was urged to click a link to confirm my registration. The text was similar, tempting me with £500 or a free iPhone. I still recall my grandfather 60 years ago telling me to ignore things that seem “too good to be true”. His advice is as valid now. 
Martin Duffy 

For more ways to protect your tech, try Computeractive magazine. 
Subscribe today and get 3 issues for £1, plus a FREE welcome gift