Android malware bypassed Google Play store security, could have infected 4.2 million devices

A new Android malware variant known as ExpensiveWall uses SMS messages to charge victims for fraudulent services without their knowledge or consent.

A new form of Android malware was able to slip past the anti-malware protections in Google Play and could have infected up to 4.2 million devices, according to a report from Check Point security researchers. The report said ExpensiveWall infected at least 50 apps, which could have been downloaded between 1 million and 4.2 million times.

So, what does this malware do? The report said that it "sends fraudulent premium SMS messages and charges users' accounts for fake services without their knowledge." It also uses an obfuscation technique that allows it to encrypt the malicious code and sneak past certain malware protections.

After finding some samples of this malware, the researchers notified Google on August 7, and Google removed the apps from the Google Play store. Even after their removal, however, the report said, another sample showed up later, leading to more infections.

"It's important to point out that any infected app installed before it was removed from the App store, still remains installed on users' devices. Users who downloaded these apps are therefore still at risk and should manually remove them from their devices," the report said.

While the malware is currently just a way for the attackers to make money, it could lead to something much worse, the report said. The same techniques used to generate profit could be leveraged to steal pictures and data, record audio, and send it all to a command and control (C&C) server. And it would be able to do all of this without the victim knowing.

When a user downloads ExpensiveWall, it will make requests for internet access and other permissions. These are similar to permissions asked for by legitimate apps, so many users will simply click Yes.

Users should check the reviews of any suspected apps before downloading, and be careful not to quickly go through requested permissions for new apps.
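
For teams that vet apps before allowing them on managed devices, the permission review described above can be automated. The following is an added example, not code from the Check Point report or from Google: it assumes the APK's manifest has already been decoded to text XML (for example with apktool), and the risk labels, function names and sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET  # for untrusted files, defusedxml is the safer parser

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
SEND_SMS = "android.permission.SEND_SMS"
INTERNET = "android.permission.INTERNET"
SMS_PERMS = {SEND_SMS, "android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}

# Constructed sample: a wallpaper-style app that also asks to send SMS.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
  <application android:label="Wallpapers"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest requests."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for elem in root.iter(tag):
            name = elem.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms


def audit(manifest_xml):
    """Triage heuristic (an assumption of this example, not a verdict)."""
    perms = requested_permissions(manifest_xml)
    sms = sorted(perms & SMS_PERMS)
    has_net = INTERNET in perms
    if SEND_SMS in perms and has_net:
        risk = "high"      # can send billable SMS and talk to a remote server
    elif sms:
        risk = "review"    # SMS access without the network pairing
    else:
        risk = "low"
    return {"risk": risk, "sms_permissions": sms, "internet": has_net}


if __name__ == "__main__":
    print(audit(SAMPLE_MANIFEST))
```

Because legitimate messaging apps request the same permissions, a "high" result is a prompt for manual review of whether the app's stated purpose needs SMS at all, not proof of malice.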

The 3 big takeaways for TechRepublic readers

  1. The new Android malware ExpensiveWall got past the anti-malware protections in Google Play, and could have been downloaded up to 4.2 million times.
  2. ExpensiveWall sends premium SMS messages and charges users for fraudulent services without their knowledge.
  3. Android users should be careful not to grant blanket permissions to new apps and be wary of apps with reviews that point to scam activity.

About Conner Forrest

Conner Forrest is a Senior Editor for TechRepublic. He covers enterprise technology and is interested in the convergence of tech and culture.
