Charger is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. [1]

ID: S0323
Platforms: Android
Version: 1.1
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1642 Endpoint Denial of Service

Charger locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.[1]

Mobile T1430 Location Tracking

Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.[1]

Mobile T1406 Obfuscated Files or Information

Charger encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.[1]

Mobile T1636 .003 Protected User Data: Contact List

Charger steals contacts from the victim user's device.[1]