A new ransomware called ‘Charger’, embedded in an Android app, threatens to sell the victim’s private information on the black market if they don’t pay. After the user installs the app, EnergyRescue, it asks for admin permissions. Once the permission is granted, the device is locked, and information such as social network details, bank accounts, credit cards, and details about friends and family is claimed to have been compromised. The ransom is set at about 0.2 BTC, equivalent to $180.
To stay hidden, the malware encodes strings into binary arrays (making them harder to inspect), loads code from “encrypted resources dynamically”, and “checks whether it runs in an emulator” before the routine is run. This makes detection difficult, because most detection engines are unable to “penetrate and inspect dynamically-loaded code.”
http://www.securityweek.com/charger-android-ransomware-infects-apps-google-play
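The three evasion traits described above can be looked for during static triage of decompiled app code. The following is an added example, not code from the original post or from the Charger sample: it assumes decompiled Java text as input, the class-loader and `Build` field names are standard Android API names chosen for illustration, and the sample input is constructed.

```python
import re

# Byte-array literals in decompiled Java, e.g. new byte[]{100, 101, ...}
BYTE_ARRAY = re.compile(r"new\s+byte\s*\[\s*\]\s*\{([^}]*)\}")
NUMBER = re.compile(r"(?<![\w.])-?(?:0[xX][0-9a-fA-F]+|\d+)")
# Android class loaders that run code from outside the main DEX file (assumed list).
DYNAMIC_LOADERS = ("DexClassLoader", "InMemoryDexClassLoader", "PathClassLoader")
# Values commonly read by emulator checks (assumed list, not from the article).
EMULATOR_MARKERS = ("Build.FINGERPRINT", "Build.HARDWARE", "Build.PRODUCT",
                    "ro.kernel.qemu", "goldfish")

def decode_byte_arrays(source, min_len=4):
    """Return the printable ASCII strings stored as byte-array literals."""
    strings = []
    for match in BYTE_ARRAY.finditer(source):
        values = []
        for tok in NUMBER.findall(match.group(1)):
            base = 16 if "x" in tok.lower() else 10
            values.append(int(tok, base) & 0xFF)  # Java bytes are signed
        if len(values) >= min_len and all(32 <= v < 127 for v in values):
            strings.append(bytes(values).decode("ascii"))
    return strings

def triage(source):
    """Report which of the three evasion traits appear in one source file."""
    return {
        "hidden_strings": decode_byte_arrays(source),
        "dynamic_loading": [n for n in DYNAMIC_LOADERS if re.search(rf"\b{n}\b", source)],
        "emulator_checks": [m for m in EMULATOR_MARKERS if m in source],
    }

# Constructed sample input (not taken from the Charger app).
SAMPLE = '''
class a {
    static final byte[] k = new byte[]{100, 101, 118, 105, 99, 101, 95, 112, 111, 108, 105, 99, 121};
    static final byte[] iv = new byte[]{-3, 17, 0x7f, 4};
    void b(Context c, File f) throws Exception {
        if (Build.FINGERPRINT.startsWith("generic")) return;
        new DexClassLoader(f.getPath(), c.getCacheDir().getPath(), null, c.getClassLoader());
    }
}
'''

if __name__ == "__main__":
    for trait, hits in triage(SAMPLE).items():
        print(f"{trait}: {hits}")
```

Hits are triage signals only: legitimate apps also use class loaders and `Build` fields, and strings that are encrypted rather than merely byte-encoded will not decode as printable text.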