{"id":75802,"date":"2017-07-07T11:02:50","date_gmt":"2017-07-07T18:02:50","guid":{"rendered":"https:\/\/securingtomorrow.mcafee.com\/?p=75802"},"modified":"2025-06-02T18:48:20","modified_gmt":"2025-06-03T01:48:20","slug":"leakerlocker-mobile-ransomware-acts-without-encryption","status":"publish","type":"post","link":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/","title":{"rendered":"LeakerLocker: Mobile Ransomware Acts Without Encryption"},"content":{"rendered":"<p>We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from spreading a victim\u2019s private information. LeakerLocker claims to have made an unauthorized backup of a phone\u2019s sensitive information that could be leaked to a user\u2019s contacts unless it receives \u201ca modest ransom.\u201d<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft wp-image-75801 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\" alt=\"\" width=\"1001\" height=\"1318\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png 1001w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1-228x300.png 228w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1-768x1011.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1-778x1024.png 778w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1-380x500.png 380w\" sizes=\"auto, (max-width: 1001px) 100vw, 1001px\" \/><\/a><\/p>\n<p>The McAfee Mobile Malware Research team has identified this ransomware as Android\/Ransom.LeakerLocker.A!Pkg. We reported it to Google, which says it is investigating.<\/p>\n<p>Two applications on Google Play carry this threat. \u201cWallpapers Blur HD\u201d has been downloaded between 5,000 and 10,000 times. It was last updated on April 7. From reviews, we can see that one user complains why a wallpaper app requests irrelevant permissions such as calls, reading and sending SMS, access to contacts, etc.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-75803 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2.png\" alt=\"\" width=\"1217\" height=\"1849\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2.png 1217w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2-197x300.png 197w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2-768x1167.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2-674x1024.png 674w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-2-329x500.png 329w\" sizes=\"auto, (max-width: 1217px) 100vw, 1217px\" \/><\/a><\/p>\n<p>The second malicious app is \u201cBooster &amp; Cleaner Pro,\u201d last updated on June 28. It has been downloaded between 1,000 and 5,000 times. Its rating is 4.5, much higher than Wallpaper\u2019s 3.6. This rating, however, is not a safety indicator because fake reviews are very common in fraudulent apps.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-75804 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3.png\" alt=\"\" width=\"1229\" height=\"1973\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3.png 1229w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3-187x300.png 187w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3-768x1233.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3-638x1024.png 638w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-3-311x500.png 311w\" sizes=\"auto, (max-width: 1229px) 100vw, 1229px\" \/><\/a><\/p>\n<p>Both Trojans offer apparently normal functions, but they hide a malicious payload.<\/p>\n<p>Let\u2019s examine \u201cBooster &amp; Cleaner Pro\u201d to see what happens with this hidden payload.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-4.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-75805 size-medium\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-4-180x300.png\" alt=\"\" width=\"180\" height=\"300\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-4-180x300.png 180w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-4-300x500.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-4.png 480w\" sizes=\"auto, (max-width: 180px) 100vw, 180px\" \/><\/a><\/p>\n<p>At first execution, the malware displays typical functions of Android boosters. Due to the nature of this kind of application, users could be more willing to allow access to almost any permission.<\/p>\n<p>After the boot is complete, the receiver com.robocleansoft.boostvsclean.receivers.BoorReceiver initiates AlarmManager, which along with other conditions starts the malicious activity com.robocleansoft.boostvsclean.AdActivity and locks the device\u2019s screen.<\/p>\n<p>LeakerLocker locks the home screen and accesses private information in the background thanks to its victims granting permissions at installation time. It does not use an exploit or low-level tricks but it can remotely load .dex code from its control server so the functionality can be unpredictable, extended, or deactivated to avoid detection in certain environments.<\/p>\n<p>Not all the private data that the malware claims to access is read or leaked. The ransomware can read a victim\u2019s email address, random contacts, Chrome history, some text messages and calls, pick a picture from the camera, and read some device information\u2014as we can see from the following JavaScript interface function:<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-5.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-75806 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-5.png\" alt=\"\" width=\"513\" height=\"619\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-5.png 513w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-5-249x300.png 249w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-5-414x500.png 414w\" sizes=\"auto, (max-width: 513px) 100vw, 513px\" \/><\/a><\/p>\n<p>All this information is randomly chosen to display via JavaScript (in jpus.js) and convince the victims that lots of data has been copied. A WebView appears after the device is locked.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-6.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-75807 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-6.png\" alt=\"\" width=\"261\" height=\"423\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-6.png 261w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-6-185x300.png 185w\" sizes=\"auto, (max-width: 261px) 100vw, 261px\" \/><\/a><\/p>\n<p>At this point the information has not been transmitted by the code in the original app, but a transfer could occur if the control server provides another .dex file.<\/p>\n<p>When a victim inputs a credit card number and clicks \u201cPay,\u201d the code send a request to the payment URL with the card number as a parameter. If the payment succeeds, it shows the information \u201cour [sic] personal data has been deleted from our servers and your privacy is secured.&#8221; If not successful, it shows &#8220;No payment has been made yet. Your privacy is in danger.\u201d The payment URL comes from server; the attacker can set different destination card numbers on the server.<\/p>\n<p><a href=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-8.png\"><img loading=\"lazy\" decoding=\"async\" class=\"alignnone wp-image-75809 size-full\" src=\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-8.png\" alt=\"\" width=\"1387\" height=\"288\" srcset=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-8.png 1387w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-8-300x62.png 300w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-8-768x159.png 768w, https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-8-1024x213.png 1024w\" sizes=\"auto, (max-width: 1387px) 100vw, 1387px\" \/><\/a><\/p>\n<p>We advise users of infected devices to not pay the ransom: Doing so contributes to the proliferation of this malicious business, which will lead to more attacks. Also, there is no guarantee that the information will be released or used to blackmail victims again.<\/p>\n<h2><strong>Hashes<\/strong><\/h2>\n<ul>\n<li>A485F69D5E8EFEE151BF58DBDD9200B225C1CF2FF452C830AF062A73B5F3EC97<\/li>\n<li>CD903FC02F88E45D01333B17AD077D9062316F289FDED74B5C8C1175FDCDB9D8<\/li>\n<li>CB0A777E79BCEF4990159E1B6577649E1FCA632BFCA82CB619EEA0E4D7257E7B<\/li>\n<li>B6BAE19379225086D90023F646E990456C49C92302CDABDCCBF8B43F8637083E<\/li>\n<li>486F80EDFB1DEA13CDE87827B14491E93C189C26830B5350E31B07C787B29387<\/li>\n<\/ul>\n<h2><strong>URLs<\/strong><\/h2>\n<ul>\n<li>hxxp:\/\/updatmaster.top\/click.php?cnv_id<\/li>\n<li>http:\/\/goupdate.bid\/click.php?cnv_id=<\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a&#8230;<\/p>\n","protected":false},"author":833,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[442],"tags":[37,76,180,214],"coauthors":[2035,4662],"class_list":["post-75802","post","type-post","status-publish","format-standard","hentry","category-mcafee-labs","tag-android","tag-cybercrime","tag-malware","tag-mobile-security1"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v25.4 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>LeakerLocker: Mobile Ransomware Acts Without Encryption | McAfee Blog<\/title>\n<meta name=\"description\" content=\"We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"LeakerLocker: Mobile Ransomware Acts Without Encryption | McAfee Blog\" \/>\n<meta property=\"og:description\" content=\"We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/\" \/>\n<meta property=\"og:site_name\" content=\"McAfee Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/McAfee\/\" \/>\n<meta property=\"article:published_time\" content=\"2017-07-07T18:02:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-03T01:48:20+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1001\" \/>\n\t<meta property=\"og:image:height\" content=\"1318\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Fernando Ruiz, ZePeng Chen\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@McAfee\" \/>\n<meta name=\"twitter:site\" content=\"@McAfee\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Fernando Ruiz, ZePeng Chen\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/\"},\"author\":{\"name\":\"Fernando Ruiz\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/0ed97a1d0ce0c90c2a9ef2fbab555922\"},\"headline\":\"LeakerLocker: Mobile Ransomware Acts Without Encryption\",\"datePublished\":\"2017-07-07T18:02:50+00:00\",\"dateModified\":\"2025-06-03T01:48:20+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/\"},\"wordCount\":665,\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\",\"keywords\":[\"android\",\"cybercrime\",\"malware\",\"mobile security\"],\"articleSection\":[\"McAfee Labs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/\",\"name\":\"LeakerLocker: Mobile Ransomware Acts Without Encryption | McAfee Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\",\"datePublished\":\"2017-07-07T18:02:50+00:00\",\"dateModified\":\"2025-06-03T01:48:20+00:00\",\"description\":\"We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from\",\"breadcrumb\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage\",\"url\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\",\"contentUrl\":\"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Other Blogs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"McAfee Labs\",\"item\":\"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/\"},{\"@type\":\"ListItem\",\"position\":4,\"name\":\"LeakerLocker: Mobile Ransomware Acts Without Encryption\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#website\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"name\":\"McAfee Blog\",\"description\":\"Internet Security News\",\"publisher\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#organization\",\"name\":\"McAfee\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"contentUrl\":\"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png\",\"width\":1286,\"height\":336,\"caption\":\"McAfee\"},\"image\":{\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/McAfee\/\",\"https:\/\/x.com\/McAfee\",\"https:\/\/www.linkedin.com\/company\/mcafee\/\",\"https:\/\/www.youtube.com\/McAfee\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/0ed97a1d0ce0c90c2a9ef2fbab555922\",\"name\":\"Fernando Ruiz\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/5b6dec450e97e87f9a57fae15bae5d34\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/7fa953f9b978dc1f77d7abb273aa5ec1?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/7fa953f9b978dc1f77d7abb273aa5ec1?s=96&d=mm&r=g\",\"caption\":\"Fernando Ruiz\"},\"description\":\"Fernando Ruiz is a Security Researcher in McAfee Labs. He specializes in mobile threats and Android malware. Ruiz performs deep analysis and reverse engineering of malicious code, packers, and vulnerabilities; and creates detection technologies to proactively protect people against a wide spectrum of malware and potentially unwanted programs.\",\"url\":\"https:\/\/www.mcafee.com\/blogs\/author\/fernando-ruiz\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"LeakerLocker: Mobile Ransomware Acts Without Encryption | McAfee Blog","description":"We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"og_locale":"en_US","og_type":"article","og_title":"LeakerLocker: Mobile Ransomware Acts Without Encryption | McAfee Blog","og_description":"We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from","og_url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/","og_site_name":"McAfee Blog","article_publisher":"https:\/\/www.facebook.com\/McAfee\/","article_published_time":"2017-07-07T18:02:50+00:00","article_modified_time":"2025-06-03T01:48:20+00:00","og_image":[{"width":1001,"height":1318,"url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png","type":"image\/png"}],"author":"Fernando Ruiz, ZePeng Chen","twitter_card":"summary_large_image","twitter_creator":"@McAfee","twitter_site":"@McAfee","twitter_misc":{"Written by":"Fernando Ruiz, ZePeng Chen","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#article","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/"},"author":{"name":"Fernando Ruiz","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/0ed97a1d0ce0c90c2a9ef2fbab555922"},"headline":"LeakerLocker: Mobile Ransomware Acts Without Encryption","datePublished":"2017-07-07T18:02:50+00:00","dateModified":"2025-06-03T01:48:20+00:00","mainEntityOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/"},"wordCount":665,"publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png","keywords":["android","cybercrime","malware","mobile security"],"articleSection":["McAfee Labs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/","url":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/","name":"LeakerLocker: Mobile Ransomware Acts Without Encryption | McAfee Blog","isPartOf":{"@id":"https:\/\/www.mcafee.com\/blogs\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage"},"thumbnailUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png","datePublished":"2017-07-07T18:02:50+00:00","dateModified":"2025-06-03T01:48:20+00:00","description":"We recently found on Google Play a type of mobile ransomware that does not encrypt files. This malware extorts a payment to prevent the attacker from","breadcrumb":{"@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#primaryimage","url":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png","contentUrl":"https:\/\/securingtomorrow.mcafee.com\/wp-content\/uploads\/2017\/07\/20170706-Leaker-1.png"},{"@type":"BreadcrumbList","@id":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/leakerlocker-mobile-ransomware-acts-without-encryption\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog","item":"https:\/\/www.mcafee.com\/blogs\/"},{"@type":"ListItem","position":2,"name":"Other Blogs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/"},{"@type":"ListItem","position":3,"name":"McAfee Labs","item":"https:\/\/www.mcafee.com\/blogs\/other-blogs\/mcafee-labs\/"},{"@type":"ListItem","position":4,"name":"LeakerLocker: Mobile Ransomware Acts Without Encryption"}]},{"@type":"WebSite","@id":"https:\/\/www.mcafee.com\/blogs\/#website","url":"https:\/\/www.mcafee.com\/blogs\/","name":"McAfee Blog","description":"Internet Security News","publisher":{"@id":"https:\/\/www.mcafee.com\/blogs\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.mcafee.com\/blogs\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.mcafee.com\/blogs\/#organization","name":"McAfee","url":"https:\/\/www.mcafee.com\/blogs\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/","url":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","contentUrl":"https:\/\/www.mcafee.com\/blogs\/wp-content\/uploads\/2023\/02\/mcafee-logo.png","width":1286,"height":336,"caption":"McAfee"},"image":{"@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/McAfee\/","https:\/\/x.com\/McAfee","https:\/\/www.linkedin.com\/company\/mcafee\/","https:\/\/www.youtube.com\/McAfee"]},{"@type":"Person","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/0ed97a1d0ce0c90c2a9ef2fbab555922","name":"Fernando Ruiz","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.mcafee.com\/blogs\/#\/schema\/person\/image\/5b6dec450e97e87f9a57fae15bae5d34","url":"https:\/\/secure.gravatar.com\/avatar\/7fa953f9b978dc1f77d7abb273aa5ec1?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/7fa953f9b978dc1f77d7abb273aa5ec1?s=96&d=mm&r=g","caption":"Fernando Ruiz"},"description":"Fernando Ruiz is a Security Researcher in McAfee Labs. He specializes in mobile threats and Android malware. Ruiz performs deep analysis and reverse engineering of malicious code, packers, and vulnerabilities; and creates detection technologies to proactively protect people against a wide spectrum of malware and potentially unwanted programs.","url":"https:\/\/www.mcafee.com\/blogs\/author\/fernando-ruiz\/"}]}},"_links":{"self":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/75802","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/users\/833"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/comments?post=75802"}],"version-history":[{"count":2,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/75802\/revisions"}],"predecessor-version":[{"id":214916,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/posts\/75802\/revisions\/214916"}],"wp:attachment":[{"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/media?parent=75802"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/categories?post=75802"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/tags?post=75802"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.mcafee.com\/blogs\/wp-json\/wp\/v2\/coauthors?post=75802"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}