After analyzing the ransomware, researchers found several things that stood out, compared to previous Android ransomware families.
Google has removed an app from the Play Store that contained a new Android ransomware family named Charger.
Additionally, just like a lot of desktop ransomware, Charger included checks that prevented the ransomware from executing if the phone’s owner was from countries such as Russia, Belarus, or the Ukraine.
Last, Charger also included code that would check if the app ran inside Android emulators, and stop the ransomware from triggering.
Second, they loaded malicious code from encrypted resources, which Google’s detection engine could not reach and inspect.
Ransomware app hosted in Google Play infects unsuspecting Android user
Google Play, the official market for Android apps, was caught hosting a ransomware app that infected at least one real-world handset, security researchers said Tuesday.
In an e-mail, Check Point researchers said the app was available in Google Play for four days and had only a “handful” of downloads.
Google officials have since removed the app and have thanked Check Point for raising awareness of the issue.
The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue, according to a blog post published by security firm Check Point Software.
In the blog post, Check Point researchers added: Most malware found on Google Play contains only a dropper that later downloads the real malicious components to the device.
Collected by: Mina Lony