Best daily deals

Affiliate links on Android Authority may earn us a commission. Learn more.

Ransomware-infected app gets removed from the Google Play Store

A security firm claims that an app in the Google Play Store installed a ransomware program, asking for money in exchange for not leaking personal data.
By
January 25, 2017

While the Google Play Store is supposed to be the most secure place for Android device owners to download apps, there have been a number of examples of malware finding its way into the storefront. This week, a security firm claims that an app in the store, EnergyRescue, became infected with a ransomware program called Charger.

15 best antivirus apps and best anti-malware apps for Android
App lists
A photograph of Google Play Protect functioning in the Googlel Play Store

According to the blog post by Check Point Software, the ransomware was first discovered several weeks ago. Once the app is installed, the ransomware program takes the device’s contacts and SMS messages, then asks the user for permission to access its admin privileges. If that happens, a message then pops up on the screen while also locking out the device. What’s more, the “Charger” program will then display this disturbing message on the device’s screen:

You need to pay for us, otherwise we will sell portion of your personal information on black market every 30 minutes. WE GIVE 100% GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT. WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER! TURNING OFF YOUR PHONE IS MEANINGLESS, ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS! WE STILL CAN SELLING IT FOR SPAM, FAKE, BANK CRIME etc… We collect and download all of your personal data. All information about your social networks, Bank accounts, Credit Cards. We collect all data about your friends and family.

The security firm also noted that its creators used a number of advanced coding techniques so that the app’s true nature could stay hidden in the store.

The good news is that Check Point Software informed Google of the infected EnergyRescue app, and the company has since deleted it from the Google Play Store. There’s no word on how many Android devices got hit with this Charger ransomware, though the blog post notes that at least one real-world handset was infected.

Google recently offered more information on how it finds and gets rid of any malware that could have been published in the Google Play Store. It also launched a new security-themed page on its Android Developers site, offering tips to app creators to make sure their creations are secure.

This latest example shows that even using the official Google Play Store is no guarantee that the app you may be downloading is secure and safe. While the company is taking a proactive approach to eliminating malware, everyone who owns an Android smartphone or tablet should not just download every app they may see listed in the store.