There's a ransomware in the Google Play store

By Bryan Chan & Liu Hongzuo - on 26 Jan 2017, 10:12am

Yet another piece of malware is making its rounds on Android OS devices through the Google Play app store. The Charger ransomware demands payment in the form of Bitcoins, and its makers threaten to sell personal information should their demands not be fulfilled.

Cybersecurity researchers at Check Point discovered Charger several weeks ago. It was found embedded in a Google Play store app called Energy Rescue. Charger doesn’t activate if it learns that the device is located in Ukraine, Russia, or Belarus (the researchers postulate that those countries are where the ransomware’s makers are based).

If you’re not located in any of those places, Charger will kick in, locking the Android OS device and displaying the following message:

“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.”

The ransomware asks for 0.2 Bitcoins, which is currently worth US$180 (RM797).

[Image: The offending app in question.]

Charger uses a heavy packing approach to infect devices, which is unlike HummingWhale’s modus operandi. Instead of downloading malicious file components after installation, as HummingWhale does, Charger comes encrypted and compressed within the infected app, and it ‘unpacks’ itself after it’s ready.

Google has already been notified of the malware, and they’ve taken the offending app down.

Source: Ars Technica, Check Point (blog)