‘Encrypted’ malware bypasses Android Play Store detection, cons millions


A malware variant dubbed “ExpensiveWall” infected up to 4.2 million smartphone users and charged their accounts for fake services without their knowledge, says security firm Check Point.

ExpensiveWall is a member of a malware family that has been downloaded over 20 million times by smartphone users around the world.

Researchers at security firm Check Point recently stumbled upon malware that sent fraudulent premium-rate SMS messages on users' behalf without their knowledge. The malware installed itself on millions of Android devices by hiding inside seemingly harmless Android apps and then obtained permission from users to access the Internet and SMS.

According to the researchers, as many as 50 Android apps contained ExpensiveWall and were downloaded between 1 million and 4.2 million times by Android users across the world. These apps were removed from the Google Play Store after Check Point informed Google about the threat in August.

While they were active on the Play Store, a number of these apps enjoyed downloads in the hundreds of thousands. While an app named 'I Love Fliter' was downloaded up to 5 million times, other apps like Horoscope, Beautiful Camera, Tool Box Pro, DIY Your Screen, and Ringtone were downloaded up to 500,000 times each.

Hackers behind ExpensiveWall encrypted the malicious code before bundling it into Android apps, thereby avoiding detection by Google Play's built-in anti-malware protections. Even though the apps are no longer on the Play Store, the malware remains present on user devices and is still a threat to millions of users.

Researchers at Check Point also fear that malware like ExpensiveWall can be easily modified by hackers to capture pictures, record audio, and even steal sensitive data and send it to a command and control (C&C) server.

Millions of victims were unaware of the malware's presence and the fact that it conned them out of precious money while hiding in their devices, so it is possible that the malware can steal a lot more sensitive data without alerting users.

However, the ExpensiveWall app on the Google Play Store did attract a number of comments from alert users who warned others not to download the app. Users termed the app as a scam, a virus carrier, and one designed to steal money from users. However, the app was also heavily promoted on social media platforms like Instagram by its creators, thereby explaining its healthy download numbers.

'Users and organizations should be aware that any malware attack is a severe breach of their mobile network, even if it starts out as a seemingly harmless adware. ExpensiveWall is yet another example of the immediate need to protect all mobile devices against advanced threats,' said the researchers.

'Cutting-edge malware such as ExpensiveWall requires advanced protections, capable of identifying and blocking zero-day malware by using both static and dynamic app analysis. Only by examining the malware within the context of its operation on a device can successful strategies to block it be created,' they added.
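Two points in the article lend themselves to a concrete defensive check: the malicious code was shipped encrypted inside otherwise ordinary apps, and the apps asked for Internet plus SMS access. The following triage script is an added example, not Check Point's tooling or anything from the ExpensiveWall report. It inspects an APK (which is a zip archive) for that permission pairing and for large, high-entropy files that may be encrypted or packed payloads. It assumes a plain-text AndroidManifest.xml for simplicity; real APKs store the manifest as Android binary XML, which needs a decoder such as androguard. The two sample APKs are constructed in memory.

```python
"""Triage heuristic for Android app packages (APKs): flag apps that request
SMS-sending permission together with Internet access and that carry
high-entropy (possibly encrypted or packed) payload files.

Added example for the ExpensiveWall article; not Check Point's tooling.
Assumptions: the manifest is treated as plain text (real APKs use Android
binary XML); the APK bytes below are constructed in memory for the demo."""

import io
import math
import os
import zipfile

SUSPICIOUS_PERMISSIONS = {"android.permission.SEND_SMS", "android.permission.INTERNET"}
ENTROPY_THRESHOLD = 7.5  # bits per byte; encrypted or random data approaches 8.0
MIN_BLOB_SIZE = 1024     # ignore tiny files, whose entropy estimate is noisy


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def requested_permissions(manifest_text: str) -> set:
    """Crude extraction of android:name values from <uses-permission> lines."""
    perms = set()
    for line in manifest_text.splitlines():
        if "uses-permission" in line and 'android:name="' in line:
            start = line.index('android:name="') + len('android:name="')
            end = line.index('"', start)
            perms.add(line[start:end])
    return perms


def triage_apk(apk_bytes: bytes) -> dict:
    """Return permissions, high-entropy files, and an overall 'suspicious' verdict."""
    findings = {"permissions": set(), "high_entropy_files": [], "suspicious": False}
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            data = z.read(info.filename)
            if info.filename == "AndroidManifest.xml":
                findings["permissions"] = requested_permissions(data.decode("utf-8", "replace"))
            elif info.file_size >= MIN_BLOB_SIZE and shannon_entropy(data) >= ENTROPY_THRESHOLD:
                findings["high_entropy_files"].append(info.filename)
    # Verdict: SMS + Internet requested AND at least one payload that looks encrypted.
    findings["suspicious"] = (
        SUSPICIOUS_PERMISSIONS <= findings["permissions"]
        and bool(findings["high_entropy_files"])
    )
    return findings


def build_sample_apk(permissions, payload: bytes) -> bytes:
    """Construct a minimal APK-like zip for the demo (not a real app)."""
    manifest = "<manifest>\n" + "".join(
        f'  <uses-permission android:name="{p}"/>\n' for p in permissions) + "</manifest>\n"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", manifest)
        z.writestr("assets/data.bin", payload)
        z.writestr("res/values/strings.xml", "<resources><string name='app'>demo</string></resources>")
    return buf.getvalue()


# Constructed samples: a benign-looking app with a plain-text asset, and one that
# requests SMS + Internet and ships an asset of random bytes (stand-in for an
# encrypted payload).
BENIGN_APK = build_sample_apk(["android.permission.INTERNET"], b"plain text asset " * 200)
SUSPECT_APK = build_sample_apk(
    ["android.permission.INTERNET", "android.permission.SEND_SMS"], os.urandom(4096))

if __name__ == "__main__":
    for name, apk in (("benign", BENIGN_APK), ("suspect", SUSPECT_APK)):
        print(name, triage_apk(apk))
```

The entropy check is a static-analysis signal only: a high-entropy asset is just as likely to be a compressed image or a legitimately obfuscated library, which is why the article's researchers pair static checks with dynamic analysis of what the app actually does at runtime. Treat a hit as a reason to look closer, not as a verdict.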

Copyright Lyonsdown Limited 2020
