|Mobile||T1642||Endpoint Denial of Service||
Charger locks the device if it is granted admin permissions, displaying a message demanding a ransom payment.
Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus.
|Mobile||T1406||Obfuscated Files or Information||
Charger encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through.
|Mobile||T1636||.003||Protected User Data: Contact List|