Charger ransomware appears in Play Store app
Security firm Check Point discovered Android ransomware inside a Play Store app. The so-called ‘Charger’ ransomware does not encrypt files, but locks the device and threatens to forward text messages and contacts.
To prevent that and to be able to use the device again, a victim must pay an amount of 0.2 bitcoin to the criminals behind the malware, the company said. That currently amounts to about 167 euros. According to Check Point, that is a higher amount than other mobile malware variants charge. The malicious software was contained in an app called ‘Energy Rescue’, which promises to extend the battery life of devices. So far, no payments have been made to the criminals’ bitcoin address.
Unlike other Android malware, this sample does not download its malicious components at a later date, but already has them on board. To avoid being noticed, the malware uses a number of techniques to hide the presence of malicious code. For example, it converts strings into binary arrays to make inspection more difficult, according to Check Point. In addition, it first checks whether it is running in an emulation environment, to avoid analysis by researchers.
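An added example, not taken from Check Point's report or from this article: a triage helper for analysts that recovers strings stored as byte-array literals, the hiding technique described above. It assumes the app has already been decompiled to Java source and that the arrays are plain, unencrypted constants; the sample input is constructed and is not Charger's code.

```python
import re

# Matches Java byte-array literals such as: new byte[]{104, 116, 116, 112}
BYTE_ARRAY = re.compile(r"new\s+byte\s*\[\s*\]\s*\{([^{}]*)\}")

def parse_java_bytes(body):
    """Turn the literal's comma-separated body into bytes; None if not all constants."""
    out = bytearray()
    for tok in body.split(","):
        tok = re.sub(r"^\(byte\)\s*", "", tok.strip())  # drop explicit (byte) casts
        if not tok:
            continue
        try:
            val = int(tok, 0)  # accepts decimal, 0x.. hex and negative values
        except ValueError:
            return None  # element is a variable or expression, not a constant
        if not -128 <= val <= 255:
            return None
        out.append(val & 0xFF)  # Java bytes are signed: -1 is 0xFF
    return bytes(out)

def recover_strings(source, min_len=4):
    """Return (line_number, text) for every literal that decodes to printable UTF-8."""
    hits = []
    for m in BYTE_ARRAY.finditer(source):
        raw = parse_java_bytes(m.group(1))
        if raw is None or len(raw) < min_len:
            continue
        try:
            text = raw.decode("utf-8")
        except UnicodeDecodeError:
            continue  # binary data such as key material, not a hidden string
        if text.isprintable():
            hits.append((source.count("\n", 0, m.start()) + 1, text))
    return hits

# Constructed sample of decompiled output (illustrative only).
SAMPLE = """\
class a {
    static String b = new String(new byte[]{101, 120, 97, 109, 112, 108, 101, 46, 105, 110, 118, 97, 108, 105, 100});
    static String c = new String(new byte[]{0x67, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63});
    static byte[] key = new byte[]{(byte) -1, 0, 17, (byte) 0x80, 3};
    static String d = new String(new byte[]{-48, -97, -47, -128, -48, -72});
}
"""

if __name__ == "__main__":
    for line_no, text in recover_strings(SAMPLE):
        print(f"line {line_no}: {text!r}")
```

Strings that a plain text search over the decompiled source would miss show up with their line numbers, while arrays that are not valid text are skipped.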
Once Charger is present on the device, the malware asks for administrator rights and then accesses text messages and contacts. If the software detects that the device is located in Russia, Ukraine or Belarus, it will not execute malicious code on the smartphone. According to the security company, this is done to keep the authors from being prosecuted in their own country or extradited. After a notification by Check Point, Google removed the app in question from the Play Store. In 2012, the search giant added an automatic malware scanner called “Bouncer” to its app store.
Check Point also recently reported that it found a variant of the so-called HummingBad Android malware in 20 Play Store apps. This new variant, called HummingWhale, has been downloaded more than two million times and generates revenue by displaying malicious ads and installing other apps.