Google Play Store Apps

New Ransomware “Charger” Found On The Google Play Store

A new app which became available to download from the Google Play Store was found to contain a new ransomware which is now being labeled as “Charger”, according to a new report published by Check Point. The app in question was Energy Rescue and has now reportedly been removed from the Google Play Store, following the information being passed on from Check Point to Google.

According to the details, Charger is able to effectively steal contact and SMS message data from a device it is installed on. The app also looks to secure admin permissions and if granted, then starts to lock down the smartphone with a view to demanding a fee from the owner to unlock the device. The reported amount asked for was $180 in the form of 0.2 Bitcoins. Which is one of the main observations pointed out by Check Point, as this seems to be a ransom figure significantly higher than what other forms of ransomware often demand.

Another way in which this particular malware is thought to differ from other malware is that it does comes with a ‘heavy packing approach’ where the malware is present in full and does not look to download malicious components at a later time. As a result, Checkpoint explains that the malware makes use of advanced measures to help keep itself hidden. Including, the encoding of strings into binary arrays, loading code from encrypted resources dynamically, and routinely checking to see if it is being used in an emulator before executing. All of which are said to lessen the possibility of detection.

What is interesting though, is that Check Point note that they do not believe that the developers of Charger were looking to really make an impact with this release. Instead, in comments made to Ars Technica, Check Point explains that their understanding is that the developers were simply looking to only ‘test the waters’ on this occasion. Which could lead to the assumption that if the waters were tested successfully, then this could make its way out in a much grander form. At present however, Check Point also explained that only a “handful” of downloads of the Energy Rescue app occurred during the four days that the app was available via the Google Play Store. Although, in spite of a limited number of downloads, the blog posting does confirm that Charger was “detected and quarantined” on an Android device.

…read more

Source: AndroidHeadlines

Nasty Android Malware that Infected Millions Returns to Google Play Store

HummingBad – an Android-based malware that infected over 10 million Android devices around the world last year and made its gang an estimated US$300,000 per month at its peak – has made a comeback.

Security researchers have discovered a new variant of the HummingBad malware hiding in more than 20 Android apps on Google Play Store.The infected apps were already downloaded by over 12 Million unsuspecting users before the Google Security team removed them from the Play Store.

Dubbed HummingWhale by researchers at security firm Check Point, the new malware utilizes new, cutting-edge techniques that allow the nasty software to conduct Ad fraud better than ever before and generate revenue for its developers.The Check Point researchers said the HummingWhale-infected apps had been published under the name of fake Chinese developers on the Play Store with common name structure, com.[name].camera, but with suspicious startup behaviors.

“It registered several events on boot, such as TIME_TICK, SCREEN_OFF and INSTALL_REFERRER which [were] dubious in that context,” Check Point researchers said in a blog post published Monday.

HummingWhale Runs Malicious Apps in a Virtual Machine


The HummingWhale malware is tricky than HummingBad, as it uses a disguised Android application package (APK) file that acts as a dropper which downloads and runs further apps on the victim’s smartphone.

If the victim notices and closes its process, the APK file then drops itself into a virtual machine in an effort to make it harder to detect.

The dropper makes use of an Android plugin created by the popular Chinese security vendor Qihoo 360 to upload malicious apps to the virtual machine, allowing HummingWhale to further install other apps without having to elevate permissions, and disguises its malicious activity to get onto Google Play.

“This .apk operates as a dropper, used to download and execute additional apps, similar to the tactics employed by previous versions of HummingBad,” researchers said. “However, this dropper went much further. It uses an Android plugin called DroidPlugin, originally developed by Qihoo 360, to upload fraudulent apps on a virtual machine.”

HummingWhale Runs Without having to Root the Android Device

Thanks to the virtual machine (VM), the HummingWhale malware no longer needs to root Android devices unlike HummingBad and can install any number of malicious or fraudulent apps on the victim’s devices without overloading their smartphones.

Once the victim gets infected, the command and control (C&C) server send fake ads and malicious apps to the user, which runs in a VM, generating a fake referrer ID used to spoof unique users for ad fraud purposes and generate revenue.

Alike the original HummingBad, the purpose of HummingWhale is to make lots of money through ad fraud and fake app installations.

Besides all these malicious capabilities, the HummingWhale malware also tries to raise its reputation on Google Play Store using fraudulent ratings and comments, the tactic similar to the one utilized by the Gooligan malware.

…read more

Source:  TheHackerNews

Thanks Android Headlines, TheHackerNews and for reading Google Play Store Apps

This Site is Blocked By Some Browsers, WOT And Parental Controls Triggered By TERMS and TOPICS of Internet Crime; Child Porn, Pornography Addiction, Sexting, Sextortion, Sexual Harassment.  Children as young as nine years old are Watching Porn and Sexting.

Use the POWER of Social Media SHARING  to HELP INCREASE AWARENESS of these important topics for Parents, Friends and our Children

Like and Share on our Facebook page


Loading ....
Dr Don
Founder/Admin The Internet Crime Fighters Org, Internet Users Handbook, Author The Internet Users Handbook, See more
Dr Don
Dr Don
Dr Don

Latest posts by Dr Don (see all)

Comments 2

Leave a Reply