Wednesday, 25 January 2017 10:51

Charger malware beats Google Play integrity

By Ray Shaw

Check Point Threat Prevention has detected new zero-day mobile ransomware, dubbed Charger, embedded in the Energy Rescue app, which has since been removed from Google Play.

The infected app steals contacts and SMS messages from a device and asks for admin permissions. If granted, the ransomware locks the device and displays a message demanding payment:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The ransom requested is 0.2 bitcoins, which at today’s rate is $235.57, a little steep in comparison to the amounts requested for desktops.

Most malware that makes it to Google Play contains only a dropper that later downloads the real malicious components to the device. Charger, by contrast, uses a heavy packing approach, which makes it harder for the malware to stay hidden, so it must compensate: Charger’s developers gave it everything to boost its evasion capabilities so it could stay hidden on Google Play for as long as possible.

The malware uses several advanced techniques to hide its real intentions and make itself harder to detect.

  • It encodes strings into binary arrays, making it hard to inspect them.
  • It loads code from encrypted resources dynamically, which most detection engines cannot penetrate and inspect. The dynamically-loaded code is also flooded with meaningless commands that mask the actual commands passing through.
  • It checks whether it is being run in an emulator before it starts its malicious activity. PC malware first introduced this technique, which is becoming a trend in mobile malware, having been adopted by several malware families, including Dendroid.
  • It does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.
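
From the defender's side, the first technique in the list above can often be undone statically. The following Python triage script is an added example, not Check Point's tooling or code from the original article: it scans decompiled Java source for byte-array literals and reports the ones that decode to printable text. The sample source, its class and method names and the decoded strings are constructed for illustration.

```python
import re

# Java byte-array initialisers, e.g. new byte[]{104, 105} or new byte[]{0x68, 0x69}
ARRAY_RE = re.compile(r"new\s+byte\s*\[\s*\]\s*\{([^{}]*)\}")
CAST_RE = re.compile(r"^\(\s*byte\s*\)\s*")

def parse_byte(token):
    """Turn one Java literal (decimal or hex, optionally cast or negative) into 0..255."""
    token = CAST_RE.sub("", token.strip())
    return int(token, 0) & 0xFF  # Java bytes are signed, so -1 means 0xFF

def recover_strings(source, min_len=4):
    """Return (line_number, text) for every byte array that decodes to printable text."""
    findings = []
    for match in ARRAY_RE.finditer(source):
        tokens = [t for t in match.group(1).split(",") if t.strip()]
        try:
            text = bytes(parse_byte(t) for t in tokens).decode("utf-8")
        except ValueError:
            continue  # non-literal elements, or binary data such as key material
        if len(text) >= min_len and text.isprintable():
            line = source.count("\n", 0, match.start()) + 1
            findings.append((line, text))
    return findings

# Constructed sample of decompiled output; these are not strings taken from Charger.
SAMPLE = '''
class a {
    static String b() { return new String(new byte[]{97, 110, 100, 114, 111, 105, 100, 46, 111, 115, 46, 66, 117, 105, 108, 100}); }
    static String c() { return new String(new byte[]{0x68, 0x74, 0x74, 0x70, 0x3a, 0x2f, 0x2f, 0x65, 0x78, 0x61, 0x6d, 0x70, 0x6c, 0x65, 0x2e, 0x69, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64}); }
    static byte[] k = new byte[]{(byte) -1, 0, 17, (byte) 200};
    static String d = "visible";
}
'''

if __name__ == "__main__":
    for line, text in recover_strings(SAMPLE):
        print(f"line {line}: hidden string {text!r}")
```

Arrays that do not decode cleanly, such as the constructed key-like array `k`, are skipped, so the output is a short list of recovered strings for an analyst to review.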

Most paid anti-virus/anti-malware products will soon detect Charger. Check Point's report is here.


Ray Shaw has had a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT-based radio program on ABC radio for 10 years, has developed world-leading software for the events industry and is smart enough to no longer own a retail computer store!
