Google has removed the popular EnergyRescue app from its app store, Google Play Store; after researchers at CheckPoint Security pointed out that the app had been infested with a special type of ransomware called Charger Malware.
According to a post by Google, the company said that it prioritises the safety of its clients and that it had taken the necessary step of removing EnergyRescue from the store to safeguard its clients.
‘We thank the researchers at CheckPoint for pointing the malware in EnergyRescue’, the statement read in part.
News of the existence of the malware in the app was made public after two security researchers at CheckPoint, Andrey Polkovnichenko and Oren Koriat conducted tests on the app and discovered that it contained a special form of ransomware that criminals were actively using to extort people.
In their initial analysis of the malware, the two researchers pointed out that the malware had the specific features that helped it to evade detection and remain a potent danger to many users.
‘EnergyRescue can escape detection in many instances, and criminals are using this attribute to launch more attacks,’ they said in a post.
The researchers further pointed out that the behaviour of EnergyRescue pointed towards a sustained effort by criminals to develop malware programs for mobile devices that match the manner in which desktop computer malware programs work.
The Charger Malware, as it is referred to in this case, is said to be working by first stealing all the personal information that is stored on a mobile device.
The malware accesses all the data that an individual may have stored on the mobile device by first asking for administrator rights, as many other genuine and useful apps work to function properly.
However, it has been reported that once the program accesses all the information, it automatically locks the device, thus making it impossible for the owner of the device to access it.
The malware then displays a message on the device, indicating that criminals are in charge of the device and that the owner has to pay a fixed amount of money to regain access to the device.
It has been further reported that the ransomware message that the malware displays contains threats, asking the owner of the affected device not to bother switching it off because the criminals already have access to the data and that they are willing to sell it on the black market.
The CheckPoint researchers further pointed out that it is important for users only to download apps from their official app stores and not from sites owned by third parties.