A number of users of the official Google Play store were unpleasantly surprised recently after downloading a fake Android app posing as a battery life booster. Named Charger, this phony app turned out to disguise ransomware intended to steal contacts and messages while paralyzing the user’s device. While official app stores like the Google Play store or Apple’s App Store are often thought to be immune to such attacks, the Charger incident highlights the fact that caution must be exercised to avoid falling victim to ransomware even through official channels.
In the last weeks of December, the Charger app became available in the Google Play store. Despite purporting to boost battery life by scanning for weak cells and repairing them, this fraudulent app actually distributed a recently-developed ransomware. Once installed, this ransomware caused a threatening message to appear on the victim’s screen warning them that personal and sensitive information related to credit cards, bank accounts, social network activity and personal contacts had been copied onto an external malicious server. The ransom message went on to threaten to sell the victim’s data at 30-minute intervals unless 0.2 bitcoins (or approximately $180) were paid. Charger was able to bypass the Google Play store’s security protection because the ransomware was hidden within an encrypted portion of the app’s code that the official store’s static analysis engine was unable to scan. By the end of January, Google has recognized the threat, removed the Charger app from the Google Play store and added a patch for the malware to Android’s natural protection mechanisms.
The Charger incident brings attention to the fact that ransomware can exist even on supposedly secure official app stores. To be sure, the threat of ransomware is significantly decreased by avoiding third-party app stores and sticking to official channels. However, a McAfee report revealed that, of 150 million scanned apps offered by official app stores, 18 million apps concealed malware or were otherwise suspicious. Many users have been lulled into a false sense of security by using only official apps stores which have prevented them from taking sufficient care to avoid fake apps disguising ransomware. Before you download any app from an official app store–particularly if the app is new and not well-known–take a few seconds to research the app developer on Google to see if there are any noted concerns. Reading reviews can also help you avoid fraudulent apps. Lastly, keeping your tablet or smartphone’s operating system updated with the latest security patches is generally a good policy to protect your device from emerging malware threats.
Are you facing a ransomware attack after downloading a fake app? The experts at Vancouver’s Purplo Consulting, Inc. can help you remove the ransomware from your device with minimal impact. Contact us today at (604) 629-9936 or firstname.lastname@example.org to learn more.