Renowned security firm the CheckPoint has recently discovered that at least one app on Google Play Store was infected with the Charger Malware. This malware is technically a ransomware as it steals contacts and SMS/messages data from infected devices and then gains the admin permissions to lock that device so that the victim cannot use it. To get back the control of the device and the data back, the victim has to pay a ransom of 0.2 Bitcoin ($180 approx).
The ransom payment message reads as follows:
“You need to pay for us. Otherwise, we will sell a small portion of your personal information on black market every 30 minutes. We give 100% guarantee that all the files will be restore after we receive the full payment. We will unlock your mobile device and delete all your data from our servers! Turning off your phone is also pointless, all your data is already stored in our servers! We can sell it for a spam, fake, etc… we collect and download all of your data. All your information in social networks, bank accounts and credit cards.”
The CheckPoint’s mobile malware software has identified the presence of this Charger malware in EnergyRescue app on the Google Play, but company suspects that this malware is also present in many other apps as well. EnergyRescue app was available on Google Play to download only for four days yet it has 1,000,000 to 5,000,000 downloads have occurred in this timeframe.
According to the security analysts at the CheckPoint, Oren Koriat and Andrey Polkovnichenko, “EnergyRescue has largest arsenal of the evasion methods we have seen to this date; Charger could be an indicator of the wider effort by mobile malware developers to gain on their PC ransomware cousins.”
Google has deleted the app and also thanked CheckPoint for pointing out the malware in an official statement, which read: “We appreciate Check Point’s efforts to raise awareness about this issue. We’ve taken the appropriate actions in Play, and will continue to work closely with the research community to help keep Android users safe.”