Google Play , the official market for Android apps , was caught hosting a ransomware app that infected at least one real-world handset , security researchers said Tuesday . The ransomware was dubbed Charger and was hidden inside an app called EnergyRescue , according to a blog post published by security firm Check Point Software . Once installed , Charger stole Attack.Databreach SMS contacts and prompted unsuspecting users to grant it all-powerful administrator rights . If users clicked OK , the malicious app locked the device and displayed Attack.Ransom the following message : You need to pay Attack.Ransom for us , otherwise we will sell portion of your personal information on black market every 30 minutes . WE GIVE 100 % GUARANTEE THAT ALL FILES WILL RESTORE AFTER WE RECEIVE PAYMENT . WE WILL UNLOCK THE MOBILE DEVICE AND DELETE ALL YOUR DATA FROM OUR SERVER ! TURNING OFF YOUR PHONE IS MEANINGLESS , ALL YOUR DATA IS ALREADY STORED ON OUR SERVERS ! WE STILL CAN SELLING IT FOR SPAM , FAKE , BANK CRIME etc… We collect and download Attack.Databreach all of your personal data . All information about your social networks , Bank accounts , Credit Cards . We collect Attack.Databreach all data about your friends and family . The app sought 0.2 Bitcoin , currently worth about $ 180 . In an e-mail , Check Point researchers said the app was available in Google Play for four days and had only a `` handful '' of downloads . `` We believe the attackers only wanted to test the waters and not spread it yet , '' the researchers told Ars . The infection was detected by Check Point 's mobile malware software , which the company sells to businesses . Google officials have since removed the app and have thanked Check Point for raising awareness of the issue

As users have become more attached to their mobile devices , they want everything on those devices . There ’ s an app for just about any facet of one ’ s personal and professional life , from booking travel and managing projects , to buying groceries and binge-watching the latest Netflix series . The iOS and Android apps for Netflix are enormously popular , effectively turning a mobile device into a television with which users can stream full movies and TV programs anytime , anywhere . But the apps , with their many millions of users , have captured the attention of the bad actors , too , who are exploiting the popularity of Netflix to spread malware . Recently , the ThreatLabZ research team came across a fake Netflix app , which turned out to be a new variant of SpyNote RAT ( Remote Access Trojan ) . Please note that our research is not about the legitimate Netflix app on Google Play . The spyware in this analysis was portraying itself as Attack.Phishing the Netflix app . Once installed , it displayed Attack.Phishing the icon found in the actual Netflix app on Google Play . This is a common trick Attack.Phishing played by malware developers , making the user think the app may have been removed . But , behind the scenes , the malware has not been removed ; instead it starts preparing its onslaught of attacks . It does so using the Services , Broadcast Receivers , and Activities components of the Android platform . Services can perform long-running operations in the background and does not need a user interface . Broadcast Receivers are Android components that can register themselves for particular events . Activities are key building blocks , central to an app ’ s navigation , for example . The SpyNote RAT registers a service called AutoStartup and a broadcast receiver named BootComplete . MainActivity registers BootComplete with a boot event , so that whenever the device is booted , BootComplete gets triggered . BootComplete starts the AutoStartup service and the AutoStartup service makes sure that MainActivity is always running . What follows are some of the features exhibited by SpyNote RAT . Command execution can create havoc for victim if the malware developer decides to execute commands in the victim ’ s device . Leveraging this feature , the malware developer can root the device using a range of vulnerabilities , well-known or zero-day . SpyNote RAT was able to take screen captures and , using the device ’ s microphone , listen to audio conversations . This capability was confirmed when the Android permission , called android.permission.RECORD_AUDIO , was being requested along with code found in the app . They tend to target any antivirus protections on the device and uninstall them , which increases the possibility of their malware persisting on the device . SpyNote RAT was designed to function only over Wi-Fi , which is the preferable mode for Android malware to send files to C & C . - There were two interesting sub-classes found inside Main Activity : Receiver and Sender . Receiver was involved in receiving commands from the Server and the main functionality of Sender was to send all the data collected to the C & C over Wi-Fi . - SpyNote RAT was also collecting Attack.Databreach the device ’ s location to identify the exact location of the victim . The SpyNote Remote Access Trojan ( RAT ) builder is gaining popularity in the hacking community , so we decided to study its pervasiveness . What we found were several other fake apps developed using the SpyNote builder , which should come as a warning to Android users . Furthermore , we found that in just the first two weeks of 2017 , there have been more than 120 such spyware variants already built using the same SpyNote Trojan builder as SpyNote RAT and roaming in the wild . A complete list of sample hashes is available here . The days when one needed in-depth coding knowledge to develop malware are long gone . Nowadays , script kiddies can build a piece of malware that can create real havoc . Moreover , there are many toolkits like the SpyNote Trojan builder that enable users to build malware with ease and few clicks . In particular , avoid side-loading apps from third-party app stores and avoid the temptation to play games that are not yet available on Android . Yes , we are talking about SuperMarioRun , which was recently launched by Nintendo only for iOS users . Recent blogs by the Zscaler research team explain how some variants of Android malware are exploiting Attack.Phishing the popularity of this game and tricking Attack.Phishing Android users into downloading a fake version . You should also avoid the temptation to play games from sources other than legitimate app stores ; such games are not safe and may bring harm to your reputation and your bank account . Zscaler users are protected from such attacks with multiple levels of security . Zscaler security is so comprehensive , you can forget about it