In Oct, Check Point researchers uncovered “ExpensiveWall”, a new variant of a malware detected earlier this year and seen lurking in about 50 apps in the Play Store, including the popular “Lovely Wallpaper”, for which the malware was named after. To evade detection by Google, the creators used advanced techniques to encrypt the malicious code bypassing the usual Play Store anti-malware mechanisms. Victims affected by ExpensiveWall pay a heavy price. They unknowingly sign up to premium paid services and are charged for illicit activities e.g. sending premium text messages. Sadly, these apps had cumulatively been downloaded and installed between 1 million and 4.2 million times from the Google Play Store. More alarmingly, this particular malware family including all its variants have affected between 5.9 million and 21.1 million victims.
Evidently malicious apps frequently slip in undetected to the Play Store, and attract millions of downloads before Google can find and remove them. Clearly, Android users cannot simply rely on the fact that Google removed the affected mobile apps from their platform as the downloaded app remains on the Android phone and continue to cause harm. Users should as a matter of urgency, manually remove apps that have been tagged ‘malicious’.
This brings into question the common recommendation to download mobile apps and games only from trusted Android app stores.
Vigilance becomes the major security feature for Android Users
With the explosion of mobile devices, malicious apps seeking to trick and defraud Android users will continue to proliferate the ecosystem, representing a very lucrative market for cyber criminals.
More fear than harm, the recent issues with fake apps and mobile malware reveal a problem endemic to the Google Play Store, which has so far failed to properly regulate mobile applications in its marketplace. The fake WhatsApp is not the first time that the Google Play Store is faced with counterfeits of popular applications. A fake Facebook Messenger app previously managed to accumulate nearly ten million downloads before being spotted.
Hence it appears that while the Play Store remains the most trusted source, it can no longer be absolutely trusted. Securing the mobile app space requires a combination of security measures and responsible parties – Google, mobile security vendors and Android users. Google must continue to enhance their malware detection capabilities, perhaps with a greater emphasis on human intervention beyond reliance on AI and algorithms which can be fooled by determined cybercriminals. Mobile security vendors should collaborate and continue to support the ecosystem through their research and advanced anti-malware products. And perhaps most importantly, Android users should be more discerning and skeptical of the mobile apps they are putting on their devices.