A new app that became available to download from the Google Play Store was found to contain a new ransomware, now labeled “Charger”, according to a new report published by Check Point. The app in question was Energy Rescue, and it has reportedly been removed from the Google Play Store after Check Point passed the information on to Google.
According to the details, Charger is able to steal contact and SMS message data from a device it is installed on. The app also tries to secure admin permissions and, if they are granted, starts to lock down the smartphone with a view to demanding a fee from the owner to unlock the device. The reported amount asked for was $180 in the form of 0.2 Bitcoins. This is one of the main observations pointed out by Check Point, as the ransom figure seems significantly higher than what other forms of ransomware often demand.
Another way in which this particular malware is thought to differ from other malware is that it comes with a ‘heavy packing approach’, where the malware is present in full and does not look to download malicious components at a later time. As a result, Check Point explains, the malware makes use of advanced measures to help keep itself hidden, including encoding strings into binary arrays, loading code from encrypted resources dynamically, and routinely checking whether it is running in an emulator before executing. All of these are said to lessen the possibility of detection.
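For analysts triaging decompiled app source, the traits listed above can be turned into a static check. The following is an added example, not code from Check Point's report or from Charger itself; the rule names, the choice of Android identifiers as indicators, and the sample source are all assumptions constructed for illustration.

```python
import re

# Regexes for the traits the report lists. The API names are real Android
# identifiers; treating them as indicators is this example's assumption.
RULES = {
    "dynamic_code_loading": re.compile(r"\b(?:DexClassLoader|InMemoryDexClassLoader)\b"),
    "emulator_check": re.compile(
        r"Build\.(?:FINGERPRINT|MODEL|HARDWARE|PRODUCT)\b[^;]*(?:generic|goldfish|sdk)", re.I),
    "device_admin_request": re.compile(r"android\.app\.action\.ADD_DEVICE_ADMIN"),
    "contacts_or_sms_access": re.compile(r"ContactsContract|content://sms"),
}
BYTE_ARRAY = re.compile(r"new\s+byte\s*\[\s*\]\s*\{([^}]*)\}")
NUMBER = re.compile(r"-?(?:0[xX][0-9a-fA-F]+|\d+)")

def decode_byte_arrays(src):
    """Recover printable strings hidden as Java byte-array literals."""
    found = []
    for body in BYTE_ARRAY.findall(src):
        vals = [int(t, 16) if "x" in t.lower() else int(t) for t in NUMBER.findall(body)]
        # Java bytes are signed, so -1 means 0xFF.
        text = bytes(v & 0xFF for v in vals).decode("utf-8", "replace")
        if len(text) >= 4 and text.isprintable():
            found.append(text)
    return found

def triage(src):
    """Return the rule names that fired plus any decoded strings."""
    decoded = decode_byte_arrays(src)
    hits = {name for name, rx in RULES.items() if rx.search(src)}
    # Strings hidden in arrays never match the regexes directly, so rescan them.
    hits |= {name for name, rx in RULES.items() for s in decoded if rx.search(s)}
    if decoded:
        hits.add("byte_array_string")
    return {"hits": sorted(hits), "decoded": decoded}

def java_bytes(s):  # helper used only to build the constructed sample
    return ", ".join(str(b) for b in s.encode())

# Constructed sample imitating decompiled output; it is not Charger's code.
SAMPLE = f"""
class Loader {{
  void run(Context c) {{
    if (Build.FINGERPRINT.startsWith("generic")) return;
    String res = new String(new byte[]{{{java_bytes('assets/payload.bin')}}});
    String act = new String(new byte[]{{{java_bytes('android.app.action.ADD_DEVICE_ADMIN')}}});
    ClassLoader l = new DexClassLoader(decrypt(res), dir, null, c.getClassLoader());
  }}
}}
"""

print(triage(SAMPLE))
```

Because the device-admin action string in the sample exists only as a byte array, a plain text search would miss it; the rule fires only after the arrays are decoded and rescanned.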
What is interesting, though, is that Check Point notes it does not believe the developers of Charger were really looking to make an impact with this release. Instead, in comments made to Ars Technica, Check Point explains that its understanding is that the developers were simply looking to ‘test the waters’ on this occasion. This could lead to the assumption that, if the waters were tested successfully, the malware could make its way out in a much grander form. At present, however, Check Point also explained that only a “handful” of downloads of the Energy Rescue app occurred during the four days that the app was available via the Google Play Store. In spite of the limited number of downloads, the blog posting does confirm that Charger was “detected and quarantined” on an Android device.