A dangerous piece of Android malware, known as the Android Charger ransomware, was identified a few days ago; continue reading to find out more.
Android Charger Ransomware Runs Wild
Security experts have identified a new and dangerous Android malware that causes a lot of damage to infected devices. The new threat is called the Android Charger ransomware, as it imitates some of the behavior patterns of computer-based ransomware strains. Several weeks ago, security researchers from the Check Point Mobile Threat Prevention team detected and quarantined a customer's Android device that was behaving suspiciously. According to their preliminary security analysis, it had been used to download and install a zero-day ransomware from the Google Play Store, known simply as Charger.
As the investigation into the threat unfolded, the team discovered that this is in fact a dangerous virus; various other experts and reporters have since called it the Android Charger ransomware. It was found in a malicious app called EnergyRescue on the Google Play Store, which Google removed following a prompt notification from the security team.
The application steals contacts and intercepts SMS messages from the user's device before asking for device administrator privileges. If they are granted, the ransomware locks the device and displays a message demanding a ransom payment. This is typical of the screenlocker type of malware that has grown in popularity over the last six months.
The message reads as follows:
You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.
The ransomware demands a payment of 0.2 Bitcoins, which is around 180 US Dollars at the moment. In addition, the Android Charger ransomware checks the local settings, language and location of the infected host. If the Android device is located in Belarus, Russia or Ukraine, it will not execute. The malware uses several techniques to evade detection, making it a formidable threat:
The malware encodes its strings into binary arrays, which makes them hard to detect and inspect.
The payload is loaded dynamically from encrypted resources. This prevents most malware detection engines from inspecting the code and also masks the actual commands that are being executed.
The Charger malware checks whether it is running inside a virtual machine or emulator.
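The behaviours described above (device administrator request, SMS and contact access, screen locking, dynamic loading of encrypted code, emulator checks and region checks) can be turned into a simple triage heuristic for analysts reviewing a decompiled APK. The following script is an added example, not code from the article or from Check Point; the permission and API names it searches for are assumed to be typical of each technique and are not taken from the Charger sample, and the input dump is constructed.

```python
import re

# Indicator patterns for each behaviour the article attributes to Charger.
# The API and permission names are assumed typical of the technique; they
# are not taken from the Charger sample itself.
INDICATORS = {
    "admin_rights": [r"BIND_DEVICE_ADMIN", r"DevicePolicyManager", r"ACTION_ADD_DEVICE_ADMIN"],
    "sms_contacts": [r"READ_SMS", r"RECEIVE_SMS", r"READ_CONTACTS"],
    "screen_lock": [r"SYSTEM_ALERT_WINDOW", r"TYPE_SYSTEM_ALERT", r"\.lockNow\("],
    "dynamic_loading": [r"DexClassLoader", r"javax\.crypto\.Cipher", r"getAssets\(\)"],
    "emulator_check": [r"Build\.FINGERPRINT", r"\bgoldfish\b", r"\bgeneric\b"],
    "region_check": [r"getSimCountryIso", r"getNetworkCountryIso", r"Locale\.getDefault"],
}
EVASION = {"dynamic_loading", "emulator_check", "region_check"}

def triage(dump: str) -> dict:
    """Return the indicator categories found in a decompiled-code or strings dump."""
    hits = {}
    for category, patterns in INDICATORS.items():
        matched = [p for p in patterns if re.search(p, dump)]
        if matched:
            hits[category] = matched
    return hits

def verdict(hits: dict) -> str:
    """The Charger pattern is admin rights + screen lock + SMS/contact access,
    with at least one evasion technique on top."""
    payload = {"admin_rights", "screen_lock", "sms_contacts"} <= set(hits)
    evasive = bool(EVASION & set(hits))
    if payload and evasive:
        return "screenlocker-with-evasion"
    if payload:
        return "screenlocker"
    if evasive:
        return "evasive-app"  # not conclusive on its own; needs manual review
    return "clean"

# Constructed sample dump (manifest permissions plus decompiled lines); not a real Charger extract.
SAMPLE_DUMP = """\
uses-permission android.permission.READ_CONTACTS
uses-permission android.permission.READ_SMS
uses-permission android.permission.BIND_DEVICE_ADMIN
uses-permission android.permission.SYSTEM_ALERT_WINDOW
Lcom/example/Loader;->load: new DexClassLoader(assetDex, ...)
javax.crypto.Cipher.getInstance("AES")
if (Build.FINGERPRINT.startsWith("generic")) return;
String cc = tm.getSimCountryIso();
"""

if __name__ == "__main__":
    found = triage(SAMPLE_DUMP)
    for category, matched in found.items():
        print(f"{category}: {matched}")
    print("verdict:", verdict(found))
```

The region check is listed as an evasion indicator because, on the page's account, Charger refuses to run in certain countries; an analyst sandbox whose locale matches one of them would otherwise see nothing.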
For more information, you can read the in-depth blog post on Check Point Security's blog.