One of Checkpoint’s customer’s employee downloaded a malicious app called “EnergyRescue” which consisted of zero day mobile ransomeware (Doxware)from Google Play store. The ransomeware dubbed “Charger” and has appeared to be downloaded by millions of Android users.
The ransomeware infected app gets access to contacts and SMS messages from the user’s device requesting admin permissions appears to be genuine. Once the admin permission is granted, the ransomware locks the device and requests the ransom from the victim for .2 bitcoins which is almost 180$. This amount is pretty high for the same category which has been seen lately.
The ransomware demands the money or else threatens to post the user data online every 30 minutes.
“You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes,WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER!TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.“
The malware contains a dropper which attracts real malicious components to the mobile device.
Hence the real impact is unknown but this app has infected millions of users worldwide. Recommendation can be found here
New Variant of HummingBad malware found inside more than 20 apps on Google play infects millions Researchers from Checkpoint have discovered a dubbed HummingWhale Android malware, Hummingbad was found inside more than 20 Google play apps. One of the apps inside Google play with Hummingbad infection appears to have been downloaded more than a millions […] Continue reading →
The first Android banker malware (Android.BankBot.149.origin) of 2017 is already out and its source code is put on the web. This Android malware can steal users banking information and send it to CnC servers. The source code available on the web also means more variants of this malware will be seen in the wild very […] Continue reading →
Researchers from Checkpoint have identified that a dubbed malware Gooligan has infected more than 1.3 million Android users globally. Android targeted malware campaign infects devices and steals authentication tokens which is then used to access data from Google apps such as Google play, Gmail, google photos google docs, google drive and many others. The malware […] Continue reading →
The Clash of the Kings is one of the most liked game on the mobile environment with more than 100 million downloads but recent hack exposes its 1.6 million gamer information exposed. The hacker exploited outdated vBulletin software(forum’s) and the vulnerability dates back to late 2013 which includes easily exploited security flaws. The exposed data includes usernames, […] Continue reading →
In September, researchers at FireEye Labs discovered a group of malicious adware created by a company based in China and Singapore called NGE Mobi/Xinyinhe. On October 7, FireEye detected a similar adware family capable of completely taking over Android based devices. Researchers have named it kemoge after its CnC domain aps.kemoge.net. It is believed that […] Continue reading →
One of the most malicious attacks that can ever be launched on a website is being flooded with multiple requests that it cannot handle, otherwise known as DDoS’es. According to internet security researchers, this nightmare may have recently become a reality after one site was targeted in such a manner with an aim of overwhelming […] Continue reading →
A mobile app development company has been identified as the perpetrator of distributing malicious applications globally and hacking the Android phones of users on whose devices these apps are installed. The apps grant complete access to the Android devices of the users and the attackers can gain total control over these devices. These malware apps […] Continue reading →
UT Austin ISO (Information Security Office) has detected a bug in Android 5.x that allows hackers to bypass the locked screen of the phone and access the home screen or other functions of the phone. For the purpose of the attack however the attacker must have physical access to the phone and the screen should […] Continue reading →
Stagefright Security patch leaves more than 950 million devices vulnerable hacked by a text The Stagefright vulnerability allows attacker to hack a phone with a text. Wiki (CVE-2015-3824) The patch issued by Google for Stagefright doesn’t fix the vulnerability leaving more than 95% of the Android devices vulnerable. The Android devices running version 2.2 to […] Continue reading →