Threat Report: ExpensiveWall Android Malware

What Is It?

Android malware, dubbed ExpensiveWall, was discovered in over 50 apps on the Google Play Store. These infected apps were downloaded at least 1 million times and possibly as high as 4.42 million times with the potential for up to 21.1 million infections.

The malware uses packing, a technique common in Windows malware that encrypts the malicious code, to defeat Google Play’s own malware detection.

Once installed and granted the requested privileges, it silently registers the infected user for premium services and sends premium SMS messages, charging their accounts.

How does it propagate?

More than 50 apps in the Google Play Store were infected with ExpensiveWall malware. While Google Play Store quickly removed the apps from availability, Android users who still have those apps may remain at risk of infection. A list of infected apps was created by Check Point.

How can BV help detect? 

A number of Android apps infected with ExpensiveWall were tested and all were identified as malicious by BluVector’s machine learning malware detection engine. Regression testing has shown this Trojan would have been detected by BluVector since November 2016. Note: BluVector would only detect the malware if the mobile device was connected to a corporate network monitored by a BluVector appliance.

About Threat Report
BluVector’s Threat Report is written by BluVector’s expert security team, tasked with identifying the latest cybersecurity threats in the wild and when our solution would protect customers from those threats.
