Malicious apps that charge users’ accounts for premium fees
Around 50 malicious apps have been identified by research firm Check Point on Google Play that send fraudulent SMS messages and demand premium fees from their users for fake services without their knowledge. These apps have infected approximately 5,000 devices till now and have been downloaded over a million times on Google Play. However these apps were removed from the Google Play store after the tech giant got intimation regarding these apps.
‘ExpensiveWall’ – the new Android malware
The name of this new Android malware – ‘ExpensiveWall’ – is derived from one of the apps with which it infects devices – Lovely Wallpaper. These apps can get listed on Google Play after manoeuvring through Google’s malware protection, and also get millions of downloads.
Transfers sensitive data to fraudulent servers
After you download these malware apps, it will ask for certain permissions, just like other regular apps. However, once the permissions are granted, these apps can easily establish connection with fraudulent servers and transfer sensitive data. SMS permissions allow these apps to send fraudulent SMS messages thereby registering users for several paid services, without your knowledge.
Capable of operating without the victim’s knowledge
After installing and granting the required permissions, sensitive data about the infected device is sent to the respective C&C server by ExpensiveWall, including unique identifiers and its location, such as IP and MAC addresses, IMEI and IMSI. The malware can turn into an ultimate spying tool since it is capable of operating without the victim’s knowledge silently in the background.
Already many users have posted warnings in the reviews section about these apps suggesting not to download them. Apps such as Fascinating Camera, Beautiful Camera and I Love Filter are found to be Trojan apps. However these apps were removed from Google Play immediately as Google was informed about the malware but some of them have made their place in the app store once again. They have infected around 5,000 devices again before getting removed finally after four days.
Seen as push advertisements on social media platforms
Check Point has also mentioned that, until these apps are manually uninstalled from the device, they will continue infecting it. These apps have been popping up on social media platforms in the form of push advertisements. It is advised that you see the authenticity and go through the reviews whenever you wish to download any app from Google Play. Also, read the permission statements carefully after downloading a new app, and avoid any such thing that seems out of ordinary.