New Android ransomware found lurking in apps in the Google Play store threatens to send victims' private information to contacts, rather than encrypting and locking files.
McAfee uncovered the LeakerLocker threat, which it found lurking in two apps in the Google Play store: 'Wallpapers Blur HD' and 'Booster & Cleaner Pro.' Both are well-rated and appear to have been downloaded thousands of times.
Instead of encrypting users' files and making them inaccessible, LeakerLocker threatens to send users' private data to friends from their contact list.
According to the lock screen message displayed by LeakerLocker, the malware gathers a user's photos, text messages, call history, Facebook messages, Google Chrome browser data, emails and GPS location history.
"LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time.
"It does not use an exploit or low-level tricks, but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments," explained McAfee's threat advisory.
"Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim's email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information."
The ransomware, or 'Doxware', asks for a $50 payment via a credit card transaction and demands that users pay within 72 hours.
"We advise users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks," McAfee advises. "Also, there is no guarantee that the information will be released or used to blackmail victims again."
Google has been alerted to the threat by McAfee and says is currently investigating it.
AlphaBay users had flocked to Hansa after it was closed down - not realising it had already been taken over by Dutch police
Microsoft closes in on $100bn annual revenues with sales weighing-in at $23.3bn
Moves to take down cyber-squatted domains reveals Fancy Bear hacking network, claims Microsoft
Intel claims 'world first' in artificial intelligence that can be plugged-in almost anywhere