New ExpensiveWall Malware Tracking Users and Forcing Payments
Google has just removed 50 apps from the Google Play Store after it found them to be using a new malware, which has been named ExpensiveWall. The new malware has already been downloaded up to 4 million times, and can force a device to receive premium rate SMS messages.
When a premium rate SMS message is sent, the smartphone owner is charged through their mobile phone bill and the money then goes to the malware operators.
According to researchers looking into ExpensiveWall, the malware spanned across multiple different wallpaper and home screen apps, although the largest number of affected users were infected by the now-removed Lovely Wallpaper app.
In a blog post written by Check Point researchers, Elena Root, Andrey Polkovnichenko and Bohdan Melnykov mentioned “ExpensiveWall is a new variant of malware found earlier this year on Google Play. The entire malware family has now been downloaded between 5.9 million and 21.1 million times.”
Whilst other ExpensiveWall malware variants have mostly been squashed, the latest version, which has recently infected 50 now-removed Google Play Store apps, uses a new technique to remain undetected. In the new variant, the malware hides in programs and then encrypts them to hide from the user and from any anti-malware apps.
When it comes to malicious software, is has been a difficult year for Google – thousands of apps have been added to the Google Play Store and they have managed to infect millions of devices before Google has managed to remove them.
The malware seen on the Play Store has varied. Some, like ExpensiveWall, force premium SMS messages to be sent to and from a device to build up charges.
Others simply spread adware to help malware operators earn ad revenue. Others use privacy-breaching techniques such as SMS tracking and keylogging to grab user passwords and bank details.
It shows that smartphone owners, Android users especially, should be extra careful about the kinds of applications that they download. At this point in time, Android users should never download applications outside of the Google Play Store.
Even then, not all apps in the Google Play Store can be trusted. Malware creators are getting smarter at hiding malicious software inside of seemingly normal and functional mobile applications. As a result, Android owners must be more vigilant when installing apps even when using the Google Play Store.
There are a number of practices that an Android owner can follow to keep themselves safe from malware whilst using the Google Play Store. Firstly, Android owners should only aim for apps with a high number of downloads. Android owners should also check the reviews on an application.
Sometimes, a large number of 5 star reviews can be a good indication of whether the app is safe or not. This isn’t always the case though – sometimes malware operators will create fake reviews to trick those browsing the app store into thinking the app is safe.
You can often tell this is the case when all of the reviews come from profiles with no profile images and include comments like ‘great app,’ or ‘very useful’ as opposed to sharing details about the features in the app.