RESEARCH FROM SECURITY FIRM Check Point has found more evidence of dratted malware for Android, and this time it's a real blighter called "ExpensiveWall".
ExpensiveWall takes its name from one of the poisoned apps that it uses to spread itself. That app is called 'Lovely Wallpaper' and if you ever downloaded it, you do not have any of our sympathies.
The malware sends fraudulent premium SMS messages, which is where the ‘expensive' bit comes in, and makes fake charges against user accounts. It is, in short, a real shit.
According to Check Point, it is a "new variant of Android malware that sends fraudulent premium SMS messages and charges for fake services to users' accounts without their knowledge."
According to Google Play data, the malware infected at least 50 apps and was downloaded between one million and 4.2 million times before affected apps were removed.
Check Point told Google about ExpensiveWall in August, and Google removed all of the spiked apps that the security company told it about back then. However, you should also remove the app from your device at your end.
"While ExpensiveWall is currently designed only to generate profit from its victims, a similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control (C&C) server," added the firm in case we weren't worried enough.
"Since the malware is capable of operating silently, all of this illicit activity takes place without the victim's knowledge, turning it into the ultimate spying tool."
A blog from Check Point adds that most of the infected apps come with the kind of reviews that you might expect, and some suggest that it is advertisements on other apps including Instagram, that drew them to the poisoned shit.
"The comments indicate that the app is promoted on several social networks including Instagram," it explained. "Which might explain how it came to be downloaded so many times." µ
Is restoring from backup really the better than prevention?
Allowed anyone to pinpoint locations visited by customers of SVR Tracking
Hackers gained access to systems using unsecured administrator's account
But Canonical's Mark Shuttleworth doesn't agree