September 14, 2017

Second Largest Android Malware Outbreak Infects 21 Million Victims

Security researchers claim to have discovered the second largest outbreak to hit Google’s Android platform, with as many as 21 million infections from one particular malware variant.

Dubbed ExpensiveWall after hiding inside Android wallpaper applications, the newly discovered malware strain sent fraudulent SMS messages and charged for faux services, according to Check Point researchers. The malware variant has infected at least 50 applications that were collectively downloaded between 1 million and 4.2 million times, according to data from Google Play. A sample of the malware, previously discovered by McAfee, was also installed millions of times. Altogether, there could be as many as 21.1 million victims infected with the strain, researchers claimed.

ExpensiveWall goes beyond siphoning victims’ money by pilfering data about the infected device, its location and IP address. The malware also forces users to click on online advertisements, a money-making scheme devised by the hackers, who were also paid through a pay-per-click ad chain.

Revealing further details of the workings of ExpensiveWall, researchers wrote:

Once ExpensiveWall is downloaded, it requests several common permissions, including internet access – which allows the app to connect to its C&C server – and SMS permissions – which enable it to send premium SMS messages and register users for other paid services all without the users’ knowledge.

For its part, Check Point disclosed details of its findings to Google on August 7. The search giant began removing infected applications from its Google Play Store. However, hackers were quick to upload another sample of the malware to Google Play that ultimately infected at least 5,000 devices before the apps’ removal four days later.

The outbreak is second in scale of infection only to the Judy malware that struck Google’s Android platform in May. Although Judy infected fewer apps on the Google Play Store, it was downloaded as many as 36 million times.

About the author

LIFARS is a digital forensics and cybersecurity intelligence firm based in New York City. LIFARS is ranked as one of the top Digital Forensics and Cyber Investigations companies in 2016 and as one of the top cybersecurity companies in the New York metropolitan area for 2015 on the Cybersecurity 500 – a directory of the hottest and most innovative companies to watch in the cybersecurity industry.
