Check Point Software’s mobile threat research team announced last week that it has identified a new variant of Android malware that sends fraudulent premium SMS messages and charges users’ accounts for fake services without their knowledge. According to Google Play data, the malware infected at least 50 apps and made charges for fee-based services without the knowledge or permission of users.
The apps were downloaded as many as 4.2 million times. Google quickly removed the apps after the researchers reported them, but within days, apps from the same malicious family were back and infected more than 5,000 devices.
The apps, all from a family of malware that Check Point calls ExpensiveWall, surreptitiously uploaded phone numbers, locations, and unique hardware identifiers to attacker-controlled servers. The apps then used the phone numbers to sign up unwitting users for premium services and to send fraudulent premium text messages, a move that caused users to be billed. Google Play showed the apps had between 1 million and 4.2 million downloads.
Even after Google removed the apps from Play, many phones will remain infected until users explicitly uninstall the malicious titles.
A full list of the affected apps is included in the Check Point report.