The largest mobile app store, Google Play, has recently again become a haven for an app with malicious code. The Cahrger ransomware was hidden right inside the EnergyRescue app, allowing the attackers to demand a ransom through the compromised phone.
From time to time, an app with malicious codes is simply found in the Play Store. However, Ransomware Changer stands out from its competition with its enormous aggressiveness. Immediately after installing the infected "app" itself, the attackers gain access to all your SMS messages. The app is even so cheeky that it prompts the unsuspecting user to grant copyright, which is not nice at all.
If the user agrees, they immediately lose all control over their phone - it is now in the hands of fraudsters who control it remotely. The device is immediately locked and a call to pay the ransom appears on the screen:
“You will have to pay us and if you don't we will sell some of your personal data on the black market every 30 minutes. We give you a 100% guarantee that all your data will be restored after receiving payment. We will unlock your phone and all stolen data will be deleted from our server! Turning off your smartphone is unnecessary, all your data is already stored on our servers! We may resell them for spamming, fraud, banking crimes and so on. We collect and download all your personal data. All informace from social networks, bank accounts, credit cards. We collect all the data about your friends and family.”
The ransom that the attackers demanded from the owners was rather "low". The price was 0,2 bitcoin, which is about 180 dollars (approx. 4 crowns). The infected application was in Google Play for about four days and, according to the statement of the so-called Check Point, it recorded only a low number of downloads. However, the company assumes that with this attack the hackers were only mapping the terrain and that a similar attack could come on a much larger scale in the future.
