The ransom for the stolen contacts and messages was 0.2 BTC

Jan 25, 2017 09:35 GMT

A ransomware app found its way into Google Play and claimed at least one victim. The app has since been removed by the Android team.

According to security firm Check Point Software Technologies, several weeks ago they detected and quarantined an Android device that had this malware on it. The owner of the phone had downloaded an app carrying this zero-day mobile ransomware, named “Charger”.

The app the Android user installed on his phone was called EnergyRescue and has since been removed from the Store, but not before it damaged this person’s phone. The infected app stole contacts and SMS messages and asked for admin permissions. Once those were granted (and who does not tap blindly on their phone just to get through the installation process?), the ransomware locked the device and displayed a pretty telling message.

“You need to pay us,” the message starts, telling the reader that otherwise, they would sell portions of their personal information on the black market every 30 minutes. Pay the price, and all files would be restored.

The hackers behind the malware demanded 0.2 Bitcoins as payment, which means the amount depends on the Bitcoin price. Currently, that translates to about $180, more than mobile ransomware has usually demanded so far. Check Point notes that payments were to be made to a specific Bitcoin account, but no transactions have been detected so far, indicating that the scheme may not have been successful at all.

This is not the first mobile ransomware detected

There has been other, similar ransomware before, such as DataLust. By comparison, it used to demand only about $15 to return people’s data, which must have been a lot more lucrative, since people are less likely to pitch a fit over a smaller sum. Charger, as Check Point indicates, must be trying to push mobile ransomware to the same level as PC ransomware, which is a lot more prolific.

Charger seems to follow the rules of other Android malware before it, checking to see where the phone is actually located. If it is in Ukraine, Russia or Belarus, there will be no malicious activity on said phone, indicating the hackers are likely from one of these nations.

People should pay extra attention when downloading apps from Google Play and pick those that already have loads of reviews and have been tested and are secure. Most malware that gets discovered on Google Play contains only a dropper that later downloads the malicious components to the device. That means you might end up with a lot more than you expect when you download that flashlight app you were considering.

Just recently, the same security company revealed that the HummingBad malware is back, and way worse than it was before, in the form of HummingWhale. That particular malware makes victims’ phones act as if they are clicking on ads, racking up loads of cash for the people behind it.