Register to stream ATT&CKcon 2.0 October 29-30


Charger is Android malware that steals steals contacts and SMS messages from the user's device. It can also lock the device and demand ransom payment if it receives admin permissions. [1]

ID: S0323
Platforms: Android
Version: 1.1

Techniques Used

Domain ID Name Use
Mobile T1432 Access Contact List Charger steals contacts from the victim user's device. [1]
Mobile T1430 Location Tracking Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus. [1]
Mobile T1446 Lock User Out of Device Charger locks the device if it is granted admin permissions, displaying a message demanding a "ransom" payment. [1]
Mobile T1406 Obfuscated Files or Information Charger encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through. [1]