Research firm Check Point has identified as many as 50 malicious apps on Google Play that charge premium fees to its users without their knowledge for fake services. These apps have been downloaded between 1 million to 4.2 million times on Google Play, and have infected at least 5,000 devices so far. As soon as the tech giant was intimated of these apps, they were removed from the Google Play store.
This new variant of Android malware is called 'ExpensiveWall' and it sends fraudulent premium SMS messages and charges users' accounts for fake services without their knowledge. It derives its name from one of the apps it uses to infect devices called Lovely Wallpaper. These apps are able to manoeuvre through Google's malware protection, and get listed on Google Play, and even get millions of downloads.
The ExpensiveWall malware registers victims to premium services without their knowledge and sends fraudulent premium SMS messages, charging their accounts for fake services. Once these malware apps are downloaded, it asks for several permissions, like any other regular app. However, for these particular apps, the permissions allows the app to connect to its fraudulent servers for transferring sensitive data, and SMS permissions enable it to send premium SMS messages and register users for other paid services all without the users knowledge.
After it is installed and granted the necessary permissions, ExpensiveWall sends data about the infected device to its C&C server, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI. It is even more dangerous as the malware is capable of operating silently without the victim's knowledge, turning it into the ultimate spying tool.
"What makes ExpensiveWall different than its other family members is that it is 'packed' - an advanced obfuscation technique used by malware developers to encrypt malicious code - allowing it to evade Google Play's built-in anti-malware protections," Check Point notes on its blog. The full list of malicious apps is also mentioned in this post.
Many users have already written warnings about these apps in the reviews section asking others not to download them. Apps like I Love Filter, Beautiful Camera, Fascinating Camera, and more are all listed to be Trojan apps, however all of them are no longer available on Google Play. As we mentioned, once Google was noted about the malware, it removed all the malicious apps from Google Play immediately, but some of these apps found their way back on the app store. They then managed to infect as many as 5,000 devices before ultimately being removed again after four days.
Check Point also notes that even if these apps have been removed from Google Play, they will continue to infect the smartphone until and unless they are manually uninstalled from the device. These apps are showing up on Instagram and other social platforms as push adverts for downloads, and we advise you to take a look at the reviews, and see the authenticity before downloading any app from Google Play. Also, take caution before agreeing to permissions when you download a new app, and look for anything that is out of ordinary.