Security researchers claim to have discovered the second largest outbreak to hit Google’s Android platform, with as many as 21 million infections from one particular malware variant.
Dubbed ExpensiveWall after hiding inside Android wallpaper applications, the newly discovered malware strain sent fraudulent SMS messages and charged for faux services, according to Check Point researchers. The malware variant has infected at least 50 applications that were collectively downloaded between 1 million and 4.2 million times, according to data from Google Play. A sample of the malware, previously discovered by McAfee, was also installed millions of times. Altogether, there could be as many as 21.1 million victims infected with the strain, researchers claimed.
ExpensiveWall goes beyond siphoning victims’ money by pilfering data about the infected device, its location and IP address. The malware also forces users to click on online advertisements, a money-making scheme devised by the hackers who were also recipients of a pay-per-click ad chain.
Revealing further details of the workings of ExpensiveWall, researchers wrote:
Once ExpensiveWall is downloaded, it requests several common permissions, including internet access – which allows the app to connect to its C&C server – and SMS permissions – which enable it to send premium SMS messages and register users for other paid services all without the users knowledge.
For its part, Check Point disclosed details of its findings to Google on August 7. The search giant began removing infected applications from its Google Play Store. However, hackers were quick to upload another sample of the malware to Google Play that ultimately infected at least 5,000 devices before the apps’ removal four days later.
The malware breakout only comes second to the breadth in scope of infection of the Judy malware that struck Google’s Android platform in May. Although the malware infected fewer apps on the Google Play Store, it was downloaded as many as 36 million times.
Image credit: Pixabay.