The most talked about news of the year is here. Security researchers recently claimed to have discovered one of the biggest outbreaks of Android malware ever to reach people’s devices from the Play Store.
According to the report and blog post by researchers at Check Point Software Technologies, an Israeli cyber security big shot, this campaign consisted of dozens of malicious apps that sent fraudulent premium text messages and charged people for fake services.
The researchers found at least 50 apps in the official Google Play market that charged for fee-based services without the knowledge or permission of users. These apps were downloaded as many as 4.2 million times. Google quickly removed the apps after the researchers reported them, but within days, apps from the same malicious family were back and infected more than 5,000 devices.
All these apps belong to a family of malware, named ExpensiveWall by the researchers, which inconspicuously uploaded phone numbers, locations, and unique hardware identifiers to attacker-controlled servers. The apps then used these phone numbers to sign up unaware users to premium services and to send fraudulent premium text messages. Check Point researchers are not sure of the exact amount of revenue generated by the apps, but Google Play showed that the apps had from 1 million to 4.2 million downloads.
The malware reached Android users with the help of ‘packing’, a technique that compresses code with encryption, effectively concealing it. This measure permitted the malware to evade Google’s security checks, the researchers confirmed.
The malware spread further and wider than any other Play Store-distributed malware, except for a May campaign called “Judy,” which infected as many as 36 million devices. The security firm McAfee identified an early type of the ExpensiveWall malware in January.
The Check Point team warned Google about the cyber criminal scheme on 7th August, and the search giant subsequently removed the apps from its app store. The researchers noted that even after the supposed eradication, another version of the malware sneaked its way onto the Google Play Store, reaching 5,000 devices before Google evicted it four days later.
Aaron Stein, a Google spokesperson, said, “We’ve removed these apps from Play and always appreciate the research community’s efforts to help keep the Android ecosystem safe”.
Despite the crooks’ success in tricking people into downloading the malicious apps, reviewers posted plenty of warnings on the Play Store’s comments pages. The warnings read like “Virus detected,” “Spam app,” and “Scam!!!”.
One dissatisfied user wrote, “It is NOTHING like the ad on Instagram. DO NOT DOWNLOAD IT”.
Based on these reviews, Check Point researchers have guessed that the apps were promoted through ads on various social networks, including Facebook’s Instagram.
Check Point has also decided to post a full list of known malicious apps on its website for people to check against, stating, “To protect themselves, users should make sure none of the apps listed was installed on their device”.