This is another month during which Android malware has attacked Google Play. According to researchers from Check Point, the outbreak has been the second biggest ever on the Google’s platform. The infection is as high as 2.1 million from a single family of malware.
Nicknamed as ‘ExpensiveWall’, the malware is hidden in wallpaper apps. The virus sent unauthentic SMS messages and charges the mobile user for fake services. Just recently, ExpensiveWall has a negative impact on a minimum of 50 apps which were downloaded for 4.2 million times. On Thursday, the situation grew worse because McAfee reveals that the victims were somewhere between 5.9 million and 21.1 million. The result was because the malware was installed for several times.
As stated by Checkpoint, the number is quite large but not at par with Judy malware which affected Android in May and was downloaded for 36 million times. Though few apps were infected, Google has to remove 40 apps from the online store. But, the repercussions were tremendous with Expensivewall which seemed harmless but deceived developers and mobile phone users.
Since it’s one of the biggest attacks, the mobile researcher, Daniel Padon said that the Google Android malware is one level below Judy. As SMS frauds increased in number, it was tough to figure out the amount criminals actually earned.
The findings were revealed to Google by Check Point on August 17. The incriminating apps were finally removed though hackers paced swiftly in uploading another sample that caused infection to at least 5000 devices. This was observed even before the virus was removed four days later. As per the Google spokesperson, the objective was to keep the Android ecosystem safe.
ExpensiveWall doesn’t just steal’s money from the user. It also grabs information about the device, the location, and the IP address. It also asks users to click on online advertisements that are nothing but a money-making business. This was evident due to the fact that hackers were actively involved in the chain of pay-per-click ads.
Researchers stated in a blog, that ExpensiveWall entered Google Play with the encryption techniques used for hiding the malicious code. They think that the virus has spread from advertisements posted on LinkedIn, while it infiltrated apps through a software development kit by the name, ‘gtk’. Since developers thought that the SDK won’t do any harm, it was incorporated in the apps.
Everyone wasn’t duped once the infected apps were downloaded. As observed, some customers were annoyed for luring them to be a part of a dishonest scheme. It might have been that such cases were immediately reported.
With Judy and Expensive Wall, Google Play has been infected by many frauds. During an interview, the hacker, Maza-In, was accused of bank login thefts through the mobile operating system. He had played a big role in stealing essential the essential credentials. With such crooks wandering around, Google still puts in efforts to keep Android devices away from fraudsters. Finally, the team would have to work hard to prevent exploitation of the open source platform, Android.