Home / Security Watch / ‘ExpensiveWall’ Malware Charged Android Users for Bogus Services

‘ExpensiveWall’ Malware Charged Android Users for Bogus Services

Security researchers are warning Android users about a major malware outbreak that recently infiltrated the Google Play Store.

SecurityWatchResearchers at security firm Check Point say the new variant of Android malware, dubbed "ExpensiveWall," infected "at least 50 apps" in the Google Play Store, including "Lovely Wallpaper," which was disguised as a benign mobile backgrounds app. The malicious apps send fraudulent premium SMS messages and charges users' accounts for fake services they didn't sign up for.

Other infected apps had names like "I Love Fliter," "Tool Box Pro," "X WALLPAPER," "Horoscope," "X Wallpaper Pro," "Beautiful Camera," and "Color Camera."

Check Point notified Google about the threat last month, and it "promptly removed" the offending apps from the Play store. But before Google pulled them from the store, they racked up between 1 million and 4.2 million downloads.

If you were among those who downloaded one of these malicious apps, your device could still be at risk, Check Point warned. Users will need to manually remove them to ensure they won't be charged fees for services they never signed up for. Head over to Check Point's blog post and scroll down to the chart at the bottom to see the full list of infected apps.


ExpensiveWall is actually a variant of a piece of malware found on Google Play that McAfee sounded the alarm about in January. Between the latest crop of infections and the earlier ones, this malware family has been downloaded between 5.9 million and 21.1 million times, Check Point said.

It's an ongoing issue. Check Point said that after the batch of affected apps it discovered were removed, another sample infiltrated Google Play "within days…infecting more than 5,000 devices before it was removed four days later."

"What makes ExpensiveWall different than its other family members is that it is 'packed' – an advanced obfuscation technique used by malware developers to encrypt malicious code – allowing it to evade Google Play's built-in anti-malware protections," Check Point wrote.

Read more

Check Also

Samsung Vice Chairman Jay Y. Lee Released from Jail

He is now a free man after a panel of judges ruled to suspend his sentence.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Disclaimer: Trading in bitcoins or other digital currencies carries a high level of risk and can result in the total loss of the invested capital. theonlinetech.org does not provide investment advice, but only reflects its own opinion. Please ensure that if you trade or invest in bitcoins or other digital currencies (for example, investing in cloud mining services) you fully understand the risks involved! Please also note that some external links are affiliate links.