September 14, 2017

Second Largest Android Malware Outbreak Infects 21 Million Victims

Security researchers claim to have discovered the second largest outbreak to hit Google’s Android platform, with as many as 21 million infections from one particular malware variant.

Dubbed ExpensiveWall after hiding inside Android wallpaper applications, the newly discovered malware strain sent fraudulent SMS messages and charged for faux services, according to Check Point researchers. The malware variant has infected at least 50 applications that were collectively downloaded between 1 million and 4.2 million times, according to data from Google Play. A sample of the malware, previously discovered by McAfee, was also installed millions of times. Altogether, there could be as many as 21.1 million victims infected with the strain, researchers claimed.

ExpensiveWall goes beyond siphoning victims’ money by pilfering data about the infected device, its location and IP address. The malware also forces users to click on online advertisements, a money-making scheme in which the hackers collect revenue from a pay-per-click ad chain.

Revealing further details of the workings of ExpensiveWall, researchers wrote:

Once ExpensiveWall is downloaded, it requests several common permissions, including internet access – which allows the app to connect to its C&C server – and SMS permissions – which enable it to send premium SMS messages and register users for other paid services, all without the users’ knowledge.
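A defender-side triage check for the permission pairing the researchers describe, added here as an illustration (it is not Check Point's or Google's code): it reads a decoded AndroidManifest.xml and flags an app that requests both internet access and SMS permissions. The sample manifests and package names are constructed, and text-form manifest input (as a decoder such as apktool produces) is an assumption.

```python
import xml.etree.ElementTree as ET

# Attribute namespace used by android:name in a decoded manifest.
ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
NETWORK_PERM = "android.permission.INTERNET"
SMS_PERMS = {
    "android.permission.SEND_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_SMS",
}

# Constructed samples: two wallpaper apps, one of which also asks for SMS.
WALLPAPER_WITH_SMS = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers.sms">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""

WALLPAPER_PLAIN = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpapers.plain">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""


def triage(manifest_xml):
    """Return the package name, its SMS permissions, and a flag that is
    True when the app requests internet access together with SMS access."""
    # For manifests from untrusted APKs, prefer a hardened parser
    # such as defusedxml over the standard-library one.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    sms = sorted(perms & SMS_PERMS)
    return {
        "package": root.get("package"),
        "sms_permissions": sms,
        "flagged": bool(sms) and NETWORK_PERM in perms,
    }


if __name__ == "__main__":
    for sample in (WALLPAPER_WITH_SMS, WALLPAPER_PLAIN):
        print(triage(sample))
```

A flag here is a prompt for review, not a verdict: many legitimate messaging apps request the same pair, so the signal is strongest when the app's stated purpose (a wallpaper, for instance) gives it no reason to send SMS.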

For its part, Check Point disclosed details of its findings to Google on August 7. The search giant began removing infected applications from its Google Play Store. However, hackers were quick to upload another sample of the malware to Google Play that ultimately infected at least 5,000 devices before the apps’ removal four days later.

The outbreak is second in scope of infection only to the Judy malware, which struck Google’s Android platform in May. Although Judy infected fewer apps on the Google Play Store, it was downloaded as many as 36 million times.

About the author

LIFARS is the global leader in Digital Forensics and Cyber Resiliency Services. Our experience spans two decades working on high profile events, often in concert with Law Enforcement Agencies around the world. Our proprietary methodology derives directly and indirectly from our experience working with and for U.S. Intelligence Agencies, Interpol, Europol, and NATO. We are solely dedicated to Cyber Resiliency and thus pay close attention to all aspects of our clients’ engagement experience while providing a strategic and integrated array of services to minimize risk and disruption while protecting your brand.
