Monday, 18 December, 2017

ExpensiveWall is the Latest Type of Malware Spotted in the Play Store

ExpensiveWall Banking Trojan targets Android users with fake SMS messages ExpensiveWall Banking Trojan targets Android users with fake SMS messages
Theresa Hayes | 17 September, 2017, 15:43

With the number of Assistant apps growing, or at least changing, it may be time that Google look at introducing an assistant section to the Play Store. And this has the same modus operandi!

Check Point Software said it had discovered at least 50 Android applications on the mobile app store tainted with malware created to surreptitiously send fraudulent premium SMS messages and charge users for fake services.

Here's how ExpensiveWall infiltrate and skim mobile device owner's money?

Researchers on the case warned users the malware sent fraudulent text messages which scammed users.

According to the experts, Google has missed some warnings about the malware infection published by users who have downloaded the applications.

Although the aim of this malware is to make as much money as possible off the back of premium rate SMS messages, it could be modified to steal sensitive data, capture pictures and record audio and send to the C&C server. Once these malware apps are downloaded, it asks for several permissions, like any other regular app. However, a mere few days later, another application containing the malware again became available on Google Play and infected more than 5,000 Android devices before Google removed that one as well, Check Point said.

An Israeli company in the field of cyber security said that the threat of malware has infiltrated Google Play, attacking 21 million users. Check Point has shared the complete list of infected apps in today's report (shared below).

A blog from Check Point adds that most of the infected apps come with the kind of reviews that you might expect, and some suggest that it is advertisements on other apps including Instagram, that drew them to the poisoned shit.

"While these permissions are harmful within the context of a malware, many apps request the same permissions for legitimate purposes".

The virus is called "ExpensiveWall" in honor of one of the fraudulent applications, "Lovely Wallpaper", which allegedly offered a variety of background images for smartphones.

Check Point also notes that even if these apps have been removed from Google Play, they will continue to infect the smartphone until and unless they are manually uninstalled from the device.

ExpensiveWall can only work when permissions are granted so it is important to check exactly what you downloading and agreeing to.