21 million Android devices infected by Malware discovered in wallpaper apps through Google Play
The second largest outbreak about hit the Google Play Store is
called ExpensiveWall, a new malware
discovered in wallpaper apps, which is said to be responsible for the infection
of 21.1 million Android devices.
called ExpensiveWall, a new malware
discovered in wallpaper apps, which is said to be responsible for the infection
of 21.1 million Android devices.
Check Point’s researchers discovered the malware early last
month and issued a statement that contains all their findings related to
ExpensiveWall.
month and issued a statement that contains all their findings related to
ExpensiveWall.
Regrettably, the malware infected at least 50 apps on Google
Play, which were downloaded between 1 million and 4.2 million times before they
were removed.
Play, which were downloaded between 1 million and 4.2 million times before they
were removed.
The ExpensiveWall malware was “packed” inside wallpaper
apps, which allowed it to escape Google Play’s built-in anti-malware
protections. The “packed” method is frequently used by malware developers to
encrypt malicious code.
apps, which allowed it to escape Google Play’s built-in anti-malware
protections. The “packed” method is frequently used by malware developers to
encrypt malicious code.
Even though Google removed these infected apps after August
7, those who installed them before they were removed are still at risk, so they
should manually remove them from their Android devices.
7, those who installed them before they were removed are still at risk, so they
should manually remove them from their Android devices.
HOW IT WORK
Since ExpensiveWall is “packed” inside an Android app, it
will ask the user for several common permissions, such as SMS and internet
access. If granted, the malware will start sending premium SMS messages and
register users for other paid services that don’t exist without the user’s
knowledge.
will ask the user for several common permissions, such as SMS and internet
access. If granted, the malware will start sending premium SMS messages and
register users for other paid services that don’t exist without the user’s
knowledge.
Although these permissions are pretty common for certain
types of apps, there’s absolutely no reason for a wallpaper app to request SMS
permission or even internet access for that matter. Unfortunately, many Android
users grant these permissions without thinking, which is probably one of the
reasons it propagated so fast in the first place.
types of apps, there’s absolutely no reason for a wallpaper app to request SMS
permission or even internet access for that matter. Unfortunately, many Android
users grant these permissions without thinking, which is probably one of the
reasons it propagated so fast in the first place.
HOW TO AVOID BEING
INFECTED
INFECTED
Well, there’s really no way to stay protected as long as you
don’t pay attention to what permissions an app requests before being installed.
ExpensiveWall is a very tricky malware that’s hardly detectable by standard
(read free) security solutions available in the Google Play Store.
don’t pay attention to what permissions an app requests before being installed.
ExpensiveWall is a very tricky malware that’s hardly detectable by standard
(read free) security solutions available in the Google Play Store.
What’s even worse is that malware developers find new ways
to pass Google Play Store’s security protections more often than ever before.
The bottom line is you can never be certain if your Android device is infected
or not, so the best way to stay safe is to install high-profile apps and avoid
the questionable ones.
to pass Google Play Store’s security protections more often than ever before.
The bottom line is you can never be certain if your Android device is infected
or not, so the best way to stay safe is to install high-profile apps and avoid
the questionable ones.