Google has been trying to beef up the security of the Android Play Store, but every now and then a few malicious apps slip past it. Researchers have found a set of apps, downloaded up to 4.2 million times, that fraudulently charge victims by sending SMS messages to premium numbers.
Dubbed ‘ExpensiveWall’ by researchers at CounterPoint, these malware-ridden apps wreak havoc on victims, most of the time without their knowledge, by sending SMS messages to numbers that then charge users for services they never willingly used.
This malware infected over 50 apps, which have now been removed from the Play Store and from devices protected by Google’s Play Protect feature, but it might still be endangering devices running older Android versions.
“What makes ExpensiveWall different than its other family members is that it is ‘packed’ – an advanced obfuscation technique used by malware developers to encrypt malicious code – allowing it to evade Google Play’s built-in anti-malware protections,” the researchers noted.
Malicious Apps Evade Google Play Protect
Google added the Play Protect security feature to the Play Store earlier this year. It replaced ‘verify apps’ and analyzes an app for potential threats before it is installed on your device.
Google Play Protect doesn’t need user intervention; it is an automated security feature embedded in the Google Play services of every device and works in the background around the clock. Even so, these apps seem to have evaded these security measures too.
“The malware infected at least 50 apps and was downloaded between 1 million and 4.2 million times before the affected apps were removed. The entire malware family has now been downloaded between 5.9 million and 21.1 million times,” Counterpoint researchers added.
According to the researchers, the apps’ malicious behavior is the result of developers embedding an SDK called ‘gtk’, but it remains unclear whether these developers knew about the fraudulent behavior of the malware.
How to Stay Safe?
Although Google has been making efforts to make the Android ecosystem more secure, time and again a malware strain gets past its defenses.
As long as Android’s security hangs in the balance, it’s best to install apps only after checking the developer details and user reviews, which should give you a rough idea of the app’s intent.
If your device is running an older Android version, in all likelihood these or any other malware-ridden apps won’t be deleted automatically from the device once they are taken off the Play Store. Users will need to delete the apps manually.