ExpensiveWall: Android malware that made its way into the Google Play Store



Check Point security experts warn against ExpensiveWall, an Android malware hidden in some apps on the Google Play Store and downloaded several million times.


Lovely Wallpaper, the infected application from which ExpensiveWall takes its name

Despite the addition of security features and the screening of mobile apps entering the Google Play Store, some malware still manages to slip through the net.

This is the case with ExpensiveWall, an Android malware spotted by Check Point researchers and hidden in applications distributed on the download portal, some of them downloaded several million times.



About fifty applications are reported to have been affected (before being withdrawn) and to have been downloaded between 1 and 4 million times. Check Point notes that in the days following the withdrawal of a first infected application, a second application was released on the portal and infected 5000 mobile devices before it was withdrawn in turn.

Infected apps in Google Play Store
ExpensiveWall manages to get past Google's security by using a masking technique inside the mobile applications that serve as its carriers. The malware then needs permissions to act, and it obtains them when the user approves the permissions requested by the mobile app, which at first seem legitimate, especially in the trusted space that the Google Play Store represents.


One of the problems is that, even after its withdrawal, the malware can remain active on older Android devices because those devices are not compatible with Google's latest protection tools.

Premium-rate SMS

Once it is in place, it retrieves personal data such as the identifier and the telephone number in order to send premium-rate SMS messages via JavaScript code. While this is its main goal in the samples spotted by Check Point, it could just as well carry a malicious payload capable of taking remote control of the infected smartphone.

Although unobtrusive, the malware's behavior has been spotted by various users, who have left scathing comments. ExpensiveWall originates from an SDK called gtk that is integrated into some applications.


Source: Check Point

