Malware in Google Play Store with 4.2M downloads

50 apps get pulled as ExpensiveWall malware runs riot in the store.

Google had to pull 50 malware-laden apps from its Play Store after security researchers found that the authors of ExpensiveWall had managed to fool the Chocolate Factory’s code checking system.

The malware, dubbed ExpensiveWall by Check Point security researchers, carries a payload that registers victims for paid online services and sends premium SMS messages from the user’s phone, leaving them to pick up the bill. It was found in 50 apps on the Play Store and downloaded by more than 4 million users.

How does the malware work?

The malware is a strain that the researchers first spotted in the Play Store in January, but with one crucial difference. The new strain is encrypted and compressed, making it impossible for Google’s automated checking processes to detect.

Once downloaded, the app asks for permission to access the internet and send and receive SMS messages. It then pings its command and control server with information on the infected handset, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI numbers.

The servers then send the malware a URL, which it opens in an embedded WebView window. It then downloads the attack JavaScript code and begins to clock up bills for the victim. The researchers believe that the malware may have arrived from a software development kit called GTK.
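The permission request described above (internet access plus sending and receiving SMS) can be checked for in an app's manifest before it is allowed onto a device. The following is an added example, not code from Check Point or Google; it assumes the manifest has already been decoded to text XML (for example with apktool), and the grading scheme, the `DEVICE_INFO` set and the sample manifests are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"
P = "android.permission."
SMS = {P + "SEND_SMS", P + "RECEIVE_SMS"}
# Assumption (not from the article): permissions that expose the identifiers
# and location the article says are sent to the command and control server.
DEVICE_INFO = {P + "READ_PHONE_STATE", P + "ACCESS_WIFI_STATE",
               P + "ACCESS_FINE_LOCATION", P + "ACCESS_COARSE_LOCATION"}

def requested_permissions(manifest_xml):
    """Return the set of permission names declared in a decoded manifest."""
    # For manifests from unknown apps, prefer a hardened parser such as defusedxml.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name.strip())
    return perms

def assess(manifest_xml):
    """Grade a manifest: 'high' = internet + send AND receive SMS,
    'review' = internet + one SMS permission, 'ok' = combination absent."""
    perms = requested_permissions(manifest_xml)
    sms = perms & SMS
    if P + "INTERNET" not in perms or not sms:
        verdict = "ok"
    elif sms == SMS:
        verdict = "high"
    else:
        verdict = "review"
    return {"verdict": verdict, "sms": sorted(sms),
            "device_info": sorted(perms & DEVICE_INFO)}

# Constructed sample manifests (not taken from any real app).
MANIFEST_HEAD = ('<manifest xmlns:android="http://schemas.android.com/apk/res/android" '
                 'package="com.example.%s">')

def sample(pkg, names):
    uses = "".join('<uses-permission android:name="%s%s"/>' % (P, n) for n in names)
    return MANIFEST_HEAD % pkg + uses + "</manifest>"

SUSPECT = sample("wallpapers", ["INTERNET", "SEND_SMS", "RECEIVE_SMS", "READ_PHONE_STATE"])
BENIGN = sample("flashlight", ["INTERNET", "CAMERA"])

if __name__ == "__main__":
    for label, xml in (("suspect", SUSPECT), ("benign", BENIGN)):
        print(label, assess(xml))
```

A "high" verdict is a prompt for manual review, not proof of malice: legitimate messaging apps request the same permissions.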

“Check Point notified Google about ExpensiveWall on August 7, 2017, and Google promptly removed the reported samples from its store,” the researchers noted. “However, even after Google removed the affected Apps, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later.”

Here is a tip to protect yourself: whenever a new app asks for weird permissions, google the app to see if there are some complaints about it. Oh, and I stay away from new and unknown apps.

Mohamad El Hout, MBA, M.Eng., CISSP

Mohamad is an entrepreneur and a Senior Security Consultant dealing with the design and delivery of standard and complex security gateway solutions, covering a wide range of cutting edge technologies. His interests include business, technology, leadership, sports, and the continuous pursuit of knowledge.
