ExpensiveWall is the Latest Type of Malware Spotted in the Play Store

ExpensiveWall is the Latest Type of Malware Spotted in the Play Store

We may earn a commission for purchases made using our links.

Google puts a lot of work into making sure our smartphones, tablets, wearables and set-top boxes are as secure as possible. But it’s virtually impossible for any software platform to stay 100% secure and this is especially true when it’s used by 80% of the global smartphone market. We’ve seen the Play Store hit with trojan malware in the past, and now a new variant of an older piece of malware, now called ExpensiveWall, has infected up to 4.2 million devices.

Back in January of this year, there was a trojanized photo application discovered in the Play Store. Not only did it force people to sign up with subscriptions via SMS, but it was also able to remotely install applications as well as leaking user information including the phone number, GPS location, installed apps, and IP address. It was downloaded a million times, but it showed that even Google’s best safeguards aren’t able to keep malware away 100% of the time.

So a new variant of that strain of malware has been discovered and it’s been dubbed ExpensiveWall due to the application it was first spotted in (Lovely Wallpaper). Check Point discovered it and shows that it sends fraudulent premium SMS messages so it can charge users’ accounts for fake services without them knowing anything about it. According to Play Store data, this piece of software was found in at least 50 applications and had been downloaded between 1 million and 4.2 million times before they were removed.

When looking at this entire malware family, we’re seeing infected devices reaching between the 5.9 million and 21.1 million mark. Reviews on the ExpensiveWall application show it did not go unnoticed by some people though as it was flooded with low star reviews. One person even says they discovered the application from an ad that was published on Instagram. Check Point has a list of the applications which had been shown to house this malware family.

Source: Check Point