What Is It?
Android malware dubbed ExpensiveWall was discovered in over 50 apps on the Google Play Store. The infected apps were downloaded at least 1 million times and possibly as many as 4.42 million times, with the potential for up to 21.1 million infections.
The malware uses packing, a technique common in Windows malware that encrypts the malicious code, to defeat Google Play's own malware detection.
Once installed and granted the requested privileges, it silently registers the infected user for premium services and sends premium SMS messages, charging their accounts.
How does it propagate?
More than 50 apps in the Google Play Store were infected with ExpensiveWall malware. While Google quickly removed the apps from the Play Store, Android users who have those apps installed may still risk infection. Check Point created a list of the infected apps.
How can BluVector help detect it?
A number of Android apps infected with ExpensiveWall were tested and all were identified as malicious by BluVector’s machine learning malware detection engine. Regression testing has shown this Trojan would have been detected by BluVector since November 2016. Note: BluVector would only detect the malware if the mobile device was connected to a corporate network monitored by a BluVector appliance.