S0323 Charger
Charger is Android malware that steals contacts and SMS messages from the user’s device. It can also lock the device and demand ransom payment if it receives admin permissions. [1]
Item | Value |
---|---|
ID | S0323 |
Associated Names | |
Type | MALWARE |
Version | 1.1 |
Created | 25 October 2017 |
Last Modified | 24 October 2022 |
Techniques Used
Domain | ID | Name | Use |
---|---|---|---|
mobile | T1642 | Endpoint Denial of Service | Charger locks the device if it is granted admin permissions, displaying a message demanding a ransom payment. [1] |
mobile | T1430 | Location Tracking | Charger checks the local settings of the device and does not run its malicious logic if the device is located in Ukraine, Russia, or Belarus. [1] |
mobile | T1406 | Obfuscated Files or Information | Charger encodes strings into binary arrays to make it difficult to inspect them. It also loads code from encrypted resources dynamically and includes meaningless commands that mask the actual commands passing through. [1] |
mobile | T1636 | Protected User Data | - |
mobile | T1636.003 | Contact List | Charger steals contacts from the victim user’s device. [1] |