Charger - Zero-Day Mobile Ransomware
This content has been archived
This article no longer conforms to NHS Digital's standards for cyber alerts and may contain outdated or inaccurate information. Use of the information contained in this page is at your own risk.
Summary
Threat details
Researchers found the malware embedded in a fake utility app, EnergyRescue. The app advertised itself as a tool to improve a user's battery life by scanning for and fixing weak cells. The app has now been removed from the Google Play Store, although the ransomware is believed to be present in other apps as well. EnergyRescue was downloaded between 1,000,000 and 5,000,000 times during the four days it was present on the app store.
Once installed, the ransomware requests access to the user's contacts and SMS messages and then asks the user to grant it Device Administrator privileges. If the user grants them, the malware uses those privileges to lock the device and display a ransom note.
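The capability set described above (contacts and SMS access combined with a Device Administrator receiver) can be checked for in an app's manifest before it is installed or distributed. The script below is an added example, not tooling from NHS Digital or from the researchers who analysed Charger; it is a heuristic triage that flags any app requesting that combination, not a detection of Charger specifically. It assumes the APK's AndroidManifest.xml has already been decoded to plain XML (for example with apktool), and the two manifests embedded in it are constructed samples, not taken from EnergyRescue.

```python
"""Heuristic manifest triage: flag apps that request SMS/contacts data and
also register a Device Administrator receiver.

Added example; assumes a decoded (plain-XML) AndroidManifest.xml. The sample
manifests below are constructed for illustration, not real app manifests.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME = "{%s}name" % ANDROID_NS
PERMISSION = "{%s}permission" % ANDROID_NS

# Permissions covering the data the ransomware is reported to access.
DATA_PERMS = {
    "android.permission.READ_CONTACTS",
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
}
# A device-admin receiver is protected by BIND_DEVICE_ADMIN and listens for
# DEVICE_ADMIN_ENABLED; either marker is enough to identify one.
ADMIN_PERM = "android.permission.BIND_DEVICE_ADMIN"
ADMIN_ACTION = "android.app.action.DEVICE_ADMIN_ENABLED"


def triage_manifest(xml_text):
    """Return the data permissions and admin receivers found, plus a verdict."""
    root = ET.fromstring(xml_text)
    requested = {p.get(NAME) for p in root.iter("uses-permission")}
    data_hits = sorted(requested & DATA_PERMS)

    admin_receivers = []
    for rcv in root.iter("receiver"):
        actions = {a.get(NAME) for a in rcv.iter("action")}
        if rcv.get(PERMISSION) == ADMIN_PERM or ADMIN_ACTION in actions:
            admin_receivers.append(rcv.get(NAME))

    # A battery utility has no business reading SMS or contacts; doing so
    # while also asking for device-admin rights is the pattern worth a look.
    suspicious = bool(data_hits) and bool(admin_receivers)
    return {
        "data_permissions": data_hits,
        "admin_receivers": admin_receivers,
        "suspicious": suspicious,
    }


# Constructed sample: a "battery" app with the suspicious combination.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample_battery">
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.READ_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Battery Saver">
    <receiver android:name=".AdminReceiver"
        android:permission="android.permission.BIND_DEVICE_ADMIN">
      <meta-data android:name="android.app.device_admin"
          android:resource="@xml/device_admin"/>
      <intent-filter>
        <action android:name="android.app.action.DEVICE_ADMIN_ENABLED"/>
      </intent-filter>
    </receiver>
  </application>
</manifest>"""

# Constructed sample: a battery app that only needs network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.sample_battery_benign">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Battery Saver">
    <activity android:name=".MainActivity"/>
  </application>
</manifest>"""


if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST),
                            ("benign", BENIGN_MANIFEST)):
        print(label, triage_manifest(manifest))
```

The check is deliberately coarse: legitimate device-management and messaging apps request the same permissions, so a hit means "review this app", not "this is ransomware". It is most useful when run against the claimed purpose of the app, as with a battery utility that asks for SMS and contacts.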
The ransom note has a menacing tone, threatening to sell the victim's personal information on the black market if the ransom is not paid. The ransom is currently 0.2 Bitcoin (around £150), and the criminals also claim to have already copied all of the user's personal data to their servers. This information is said to include social network details, bank accounts and information about the user's family and friends. Affected users are directed to a Bitcoin wallet to make payment in exchange for their phone being unlocked.
It is worth noting that Charger does not activate if it determines that the device is located in Ukraine, Russia or Belarus. This suggests the attackers may be based in one of those countries and are trying to avoid prosecution at home.
Remediation steps
Last edited: 17 February 2020 11:27 am