A new malicious application has been discovered in the Google Play Store. The application in question contains a ransomware strain that has infected at least one user so far. Under the “Charger” name, this new ransomware resides within the EnergyRescue mobile application. As one would expect from this malware, it starts stealing sensitive information once the application is installed and executed.
New Android Ransomware Threat
Like all other mobile application stores, Google’s Play Store thoroughly screens new applications being submitted. If there is anything suspicious about an application or its source code, it will often get declined. For some reason, the EnergyRescue application made it through with relative ease, although the damage has been somewhat contained. Security researchers noted “only” one handset had been affected by this new ransomware strain so far.
The Charger ransomware is proving to be a nasty type of malware that steals sensitive information from infected devices. SMS contacts are stolen right away, and device owners will be asked to grant the application full administrator privileges. Once the user grants these privileges, the Charger ransomware will lock the Android device and display a message asking for ransom.
Users are prompted to pay 0.2 Bitcoin; otherwise, the criminals say they will start leaking the device owner’s personal information on black markets every 30 minutes. It is not possible to get rid of this ransomware by turning off or restarting the mobile device. The criminals also claim they have gathered all information related to social media accounts, financial services, and login information, although that has not been officially confirmed.
This is one of the first times a mobile ransomware strain has demanded a Bitcoin payment. It remains unclear if any affected users have met this demand, although that seems highly unlikely. Interestingly enough, the app was in the Google Play Store for a total of four days and was only downloaded a handful of times. It appears researchers caught this ransomware before it could become a large problem.
Further research showed that this particular type of Android ransomware has been developed in a rather crafty manner. If the malware detects the mobile device is located in Russia, Belarus, or Ukraine, it will not execute the payload. It appears this decision was made to avoid legal action in those countries. Whether that means the creator of Charger resides in any of these countries remains to be seen.
This is not the first time Android users have faced a major malware or ransomware threat. The HummingBad malware has caused a lot of havoc in recent times, as a total of twenty applications contained this payload. Somehow, they all got listed in the Google Play Store, yet were removed quickly afterward. Apple users can be hit with these types of ransomware attacks, and it is not unlikely criminals will target that operating system in the coming months.