News
News Categories

Android OS ransomware Charger found in Google Play app store

By Liu Hongzuo - on 30 Jan 2017, 12:40pm

Android OS ransomware Charger found in Google Play app store

Note: This article was first published on 25th January 2017.

Yet another malware is making its rounds on Android OS devices through the Google Play app store. The Charger ransomware demands payment in the form of Bitcoins, and its makers threatened to sell personal information should their demands aren’t fulfilled.

Cybersecurity researchers at Check Point discovered Charger several weeks ago. It was found embedded in a Google Play store app called Energy Rescue. Charger doesn’t activate if the ransomware learns that the device is located in Ukraine, Russia, or Belarus (the researchers postulate that those countries are where the ransomware’s makers are based at).

If you’re not located in any of those places, Charger will kick in, locking the Android OS device and displaying the following message:

“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.”

The ransomware asks for 0.2 Bitcoins, which is currently worth US$180 (S$225).

The offending app in question.

Charger uses a heavy packing approach to infect devices, which is unlike HummingWhale’s modus operandi. Instead of downloading malicious file components after installation, Charger comes encrypted and compressed within the infected app and it ‘unpacks’ itself after it’s ready.

Google has already been notified of the malware, and they’ve taken the offending app down.

Source: Ars Technica, Check Point (blog)

Join HWZ's Telegram channel here and catch all the latest tech news!
Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.