Another month, another bunch of Android malware that's found its way onto Google Play.
That's according to researchers from Check Point, who claimed to have found the second-biggest outbreak to ever hit Google's platform, with as many as 21.1 million infections from one malware family.
The malware's been dubbed ExpensiveWall after hiding inside wallpaper apps. The researchers warned it sent fraudulent premium SMS messages and charged for fake services. In the latest outbreak detected by Check Point, ExpensiveWall infected at least 50 apps, which together were downloaded between 1 million and 4.2 million times, according to data straight from Google Play. A previous sample of the malware, uncovered by McAfee, was installed millions of times too, taking the total number of victims to somewhere between 5.9 million and 21.1 million, the researchers claimed Thursday.
That's a lot, but not quite the stratospheric heights of the Judy malware, which hit Android in May and was downloaded as many as 36 million times, though it was in fewer apps on the Google Play store, as the tech giant had to throw 40 off its store, according to Check Point.
In terms of the biggest ever Android malware, Check Point mobile researcher Daniel Padon told ExpensiveWall was probably second only to Judy, though he couldn't put an estimate on how much the criminals made in the latest explosion in SMS fraud. Check Point disclosed its ExpensiveWall findings to Google on August 7. Google removed incriminating apps, though the hackers moved quickly, uploading another sample to Google Play that infected at least 5,000 devices before being removed four days later.
A Google spokesperson said: "We've removed these apps from Play and always appreciate the research community's efforts to help keep the Android ecosystem safe." ExpensiveWall doesn't just pilfer people's money, it also grabs data about the infected device, including location and IP address. It could also force users to click on online advertisements, another money-making scheme, as the hackers were at the end of the pay-per-click ad chain.
The researchers said in a blog post ExpensiveWall was able to find a way onto Google Play by using encryption techniques to hide its malicious code. They think ExpensiveWall has spread via some nice advertising over social platforms like LinkedIn, while it infiltrated legitimate apps by posing as a software development kit called "gtk." Developers, believing it to be innocent, embedded it in their apps. Not that all those who downloaded the infected apps were duped. As Check Point found, a handful of customers were angry about being scammed.
Alongside Judy and ExpensiveWall, Google Play has been plagued by various forms of fraud over the last year. A hacker going by the name Maza-In, interviewed in June, was blamed for a big spike in bank login thefts over the world's most popular mobile operating system. With this latest success for the crooks, it's apparent Google still has work to do to cut off fraudsters exploiting Android's openness.
Download SafeUM — communicate privately, without advertising and spam.
