Android users are warned to be on the lookout for new malware that sends premium texts messages and charges their account for fake services.
Dubbed ExpensiveWall, the malicious software is part of a family of apps that has been downloaded up to 21.1 million times.
It has been described as one of the biggest ever Android malware outbreaks.
The virus was disguised in around 50 free wallpaper, camera and video editing apps, and hackers could be working on more.
Android users are warned to be on the lookout for new malware that sends premium texts messages and charges their account for fake services. Dubbed ExpensiveWall, the malicious software had been downloaded 4.2 million times before it was detected (stock image)
Researchers from cyber security firm Check Point raised the alarm about the apps with Google, before going public with the news yesterday.
Check Point named the malware ExpensiveWall as the majority of the infected apps were fake wallpapers.
It was downloaded 4.2 million times before it was detected and removed from the Google Play Store.
It is a variant of malicious code identified by McAfee back in January, primarily linked to camera and photo apps.
The entire malware family has now been downloaded between 5.9 million and 21.1 million times.
Speaking on the San Carlos, California, company’s blog, experts Elena Root, Andrey Polkovnichenko and Bohdan Melnykov said: ‘The malware registers victims to premium services without their knowledge and sends fraudulent premium SMS messages, charging their accounts for fake services.
‘What makes ExpensiveWall different than its other family members is that it is ‘packed’ – an advanced obfuscation technique used by malware developers to encrypt malicious code – allowing it to evade Google Play’s built-in anti-malware protections.’
While ExpensiveWall is currently designed only to generate profit from its victims, a similar malware could be easily modified, Check Point said.
Check Point named the malware ExpensiveWall as the majority of the infected apps were fake wallpapers, like this Lovely Wallpaper app
The malware registers victims to premium services without their knowledge, like the one pictured here, and sends fraudulent premium SMS messages, charging their accounts for fake services.
This would allow it to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send it to a cyber criminals servers.
Since the malware is capable of operating silently, all of this illicit activity takes place without the victim’s knowledge, making it an ideal spying tool.
Check Point notified Google about ExpensiveWall on August 7 and Google promptly removed the reported samples from its store.
However, even after the affected Apps were removed, within days another sample infiltrated Google Play, infecting more than 5,000 devices before it was removed four days later.
‘We’ve removed these apps from Play and always appreciate the research community’s efforts to help keep the Android ecosystem safe,’ a Google spokesman said in a statement.
Even though the apps have been taken down from the store, your device is still infected if they are still installed, Check Point addded.