Security researchers have revealed that at least 50 apps available from Google’s Play Store were housing malware that secretly ran up fees for users.
The malware known as ExpensiveWall, which has affected apps that have been downloaded by millions of users, uses excessive permissions to sign users up for premium services without their knowledge.
It was researchers at Check Point that discovered that the malware had managed to by-pass Google’s built-in anti-malware protections.
ExpensiveWall achieved go undeceted by Google’s security procedures by using a technique known as packing, which involves adding malicious code to the infected apps.
This allows the malware to execute in the user’s device once it has been downloaded. This is not a new technique but one that has proved successful in the past. It involves sending premium SMS messages without the users’ knowledge.
ExpensiveWall can only work when permissions are granted so it is important to check exactly what you downloading and agreeing to.
The malware not only generates profit but also manages to collect personal data of users and sends this information back to command and control server.
It is believed that a modified version of malware could steal even more of users’ personal data. That version isn’t available yet although attacks have undergone changes in the past.
The entire malware family is believed to have been downloaded as many as 21.1 million times.
The apps containing ExpensiveWall have been removed from Play Store but anyone who has downloaded them already will need to remove the app from their device themselves.
“We’ve removed these apps from Play and always appreciate the research community’s efforts to help keep the Android ecosystem safe,” a Google spokesman said in a statement.