Millions of people’s smartphones have been infected by a new form of malware which secretly drains their bank account.
The Android smartphone virus is called ExpensiveWall and is designed to subtly siphon victims’ cash.
“ExpensiveWall”, software designed to cheat users out of their money without them realising, was hidden in at least 50 apps in the Google Play store. According to the Check Point researchers who discovered it, ExpensiveWall has been downloaded between one million and 4.2 million times.
ExpensiveWall has been downloaded between 1 and 4 million times
“The malware registers victims to premium services without their knowledge and sends fraudulent premium SMS messages, charging their accounts for fake services,” the researchers said.
“In some cases, the SMS activity takes place without giving the user any notice. In other cases, the malware presents the user with a button called ‘Continue’, and once the user clicks the button, the malware sends a premium SMS on [their] behalf.”
The ExpensiveWall apps request a number of permissions from users after being downloaded, including internet and SMS access.
These are fairly common permissions that most users wouldn’t think twice about granting, but allowed ExpensiveWall to operate.