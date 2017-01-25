Security outfit Check Point revealed that Google Play was hosting an app – or probably a number of them – that was infected by the “Charger” malware. This is technically ransomware, as the app steals your SMS and contacts data and then proceeds to lock up your device. The only way you get back your data and control over your device is to pay the ransom, it seems.

The Charger ransomware was found in an app called “EnergyRescue”, so we suggest you stay clear of apps like that if you know what’s good for you. The app apparently stole SMS messages and contacts, and when granted admin permissions locked up the device. The ransom message is displayed like this:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The ransomware app asked for 0.2 Bitcoin, or somewhere around USD$180. Check Point researchers said the app was available in Google Play for just four days and had only a “handful” of downloads. The infection was detected by Check Point’s mobile malware software, which the company sells to businesses. Google has removed the app and they have thanked Check Point for raising awareness of the malware.

SOURCE: Check Point