Millions of Android Devices Affected By New Malware

New Malware, Switcher Trojan, Targets Android Users and Wi-Fi Networks

Android Devices at high risk after ExpensiveWall malware found in Google Play Store.

A new strain of malware affecting Android devices has recently been discovered in more than 100 apps currently available on the Google Play Store. This app operates by sending fraudulent SMS messages that charge a user’s accounts without their knowledge and has been downloaded millions of times. Security company Check point has dubbed the malware ExpensiveWall.

The particular strain of malware was first discovered by another security firm, McAfee in January this year. Since then, infected apps have reached between 5.9m and 21.1m downloads in total.  This means that ExpensiveWall might be the biggest malware outbreak amongst Android devices up to date.

According to Check Point, ExpensiveWall operates by either sending fraudulent SMS messages to users or by urging users to sign up for premium accounts. This charges users’ accounts without their knowledge and funds go towards the hackers.

Apps found to be infected with ExpensiveWall included I Love Filter, Beautiful Camera, WiFi Booster, Simple Camera, Tool Box Pro, and X Wallpaper Pro.

All of these apps have millions of downloaded starting as early as 2015. Overall it is considered that at least 50 available apps on the Google Play store is infected and had between 1m and 4.2m downloads before Google removed them.

The app operates by connecting to a user’s server. It connects via requesting permission from the user device by sending an SMS and internet connection. This app is also able to exfiltrate any device’s location using identifiers such as IP, IMEI, and IMSI number.

It is uncertain how much money hackers of ExpensiveWall have made up to date. Google is yet to comment on these activities.

ExpensiveWall managed to bypass Google’s anti-malware protections by using an advanced encryption technique. Check Point notified Google of the malware on 7 August, after which all infected apps were immediately removed. Since then, however, hackers uploaded similar apps which have received 5000 downloads within four days.

Any Android device running an infected app is at risk.

Certain infected apps were advertised on Instagram, which accounts for a lot of downloads. Check Point warned that ExpensiveWall can potentially become a huge threat to Android users.

Currently, ExpensiveWall is only designed to generate a profit from users, yet malware can be designed in such a manner that it can also gain access to sensitive and personal information from an infected device, and send the data to a control server. Since the malware is designed to operate without the user’s knowledge, it can potentially become a powerful spying tool.

Earlier this year, Check Point exposed malware called Judy, which had over 36m downloads by Android users. At the time it was regarded as the largest malware network on the Android platform, although Google has not confirmed the number of infected devices.

Currently, it would seem that SMS Trojans similar to ExpensiveWall remain the biggest threat to Android users. This particular kind of malware injects apps with code that subscribe users to premium services and is an easy way for hackers to profit. Especially in an environment which enjoys minimal restriction like Google Play.