Researchers say a piece of ransomware disguised as Attack.Phishing a battery app made its way into the Play store . Check Point says one of its customers contracted the malware app , dubbed `` Charger , '' after installing what they thought was a battery monitoring tool called EnergyRescue . Researchers with Check Point Mobile Threat Prevention say the malware activates when EnergyRescue runs , and requires admin access to the device . Once that permission is granted , the malware checks for location ( it does not attack phones in the Ukraine , Belarus , or Russia ) , then swipes Attack.Databreach all user contacts and SMS messages and locks down the device . From there , the user is told that they must pay to deactivate Attack.Ransom the ransomware or they will have their full details spaffed out for various nefarious activities , including bank fraud and spam . `` You need to pay Attack.Ransom for us , otherwise we will sell portion of your personal information on black market every 30 minutes , '' the ransomware tells users . Not ones to be unprofessional , the Charger operators attempt to reassure their victims by offering a `` 100 % guarantee '' that once the 0.2 Bitcoin ransom Attack.Ransom ( currently around $ 183 ) is paid Attack.Ransom , all the collected information will be deleted and the device unlocked. `` The ransom demand Attack.Ransom for 0.2 Bitcoins is a much higher ransom demand Attack.Ransom than has been seen in mobile ransomware so far , '' note Check Point mobile security analysts Oren Koriat and Andrey Polkovnichenko . `` By comparison , the DataLust ransomware demanded Attack.Ransom merely $ 15 . '' Check Point says that thus far it has not spotted any payments being registered to the Bitcoin address used for the ransom collection Attack.Ransom , so it is unclear how much , if anything , has been made from this operation .