Check Point, a renowned security firm, has discovered that at least one app on the Google Play Store is infected with the Charger malware. Charger is technically ransomware: the app steals contacts and SMS messages from the infected device, then gains admin permissions and locks the device so that the victim cannot use it. To regain control of the device and get the data back, the victim has to pay the ransom, which is 0.2 Bitcoin ($180 approx).
The ransom payment message reads:
“You need to pay for us. Otherwise, we will sell a portion of your personal information on black market every 30 minutes. We give 100% guarantee that all files will restore after we receive payment. We will unlock the mobile device and delete all your data from our server! Turning off your phone is meaningless, all your data is already stored on our servers! We still can sell it for spam, fake, bank crime, etc… we collect and download all of your personal data. All information about your social networks, bank accounts, credit cards. We collect all data about your friends and family.”
Check Point’s mobile malware software identified the presence of Charger malware in the EnergyRescue app on Google Play, but the company suspects that the malware is present in other apps as well. The EnergyRescue app was available for download on Google Play for only four days, yet 1,000,000 to 5,000,000 downloads occurred in this timeframe.
According to Check Point security analysts Oren Koriat and Andrey Polkovnichenko, “EnergyRescue has the largest arsenal of evasion methods we’ve seen to date; Charger could be an indicator of a wider effort by mobile malware developers to catch up with their PC ransomware cousins.”
Google has deleted the app and, in an official statement, thanked Check Point for pointing out the malware. The statement read: “We appreciate Check Point’s efforts to raise awareness about this issue. We’ve taken the appropriate actions in Play, and will continue to work closely with the research community to help keep Android users safe.”