ExpensiveWall signs users up to fraudulent SMS services

19 Sep 2017

Some Android users may notice fraudulent charges on their accounts if they have been infected by a new strain of malware dubbed “ExpensiveWall”.

According to research from Check Point, the malware is named after one of the apps it infected: ‘Lovely Wallpaper’. Other affected apps include X Wallpaper, Color Camera, Horoscope, Sale locker, Wifi Booster, Yes Star, Tool Box Pro, Memory Doctor, Global Weather and Music Player, among others.

Discovered earlier this year, the malware is suspected to account for between 5.9 million and 21.1 million downloads.

While Google removed the original malware samples from Google Play, days later another variant popped up that infected more than 5000 devices.

While the malware is no longer available on Google Play, Check Point researchers warn that it still remains on victims’ devices.

ExpensiveWall is ‘packed’ to hide from anti-malware protections such as those in Google Play.

The malware registers victims to premium services without their knowledge, sends SMS messages and charges their accounts for the fraudulent services.

“While ExpensiveWall is currently designed only to generate profit from its victims, a similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control (C&C) server. Since the malware is capable of operating silently, all of this illicit activity takes place without the victim’s knowledge, turning it into the ultimate spying tool,” researchers Elena Root, Andrey Polkovnichenko and Bohdan Melnykov say in Check Point’s blog.

After being downloaded with compromised apps, ExpensiveWall then requests permissions including internet access. This is important to facilitate communication with its C&C server. It also requests SMS permissions so it is able to send the fraudulent premium SMS messages.

Researchers say that because many legitimate apps request similar permissions, most users unwittingly grant them, especially when apps come from trustworthy sources such as Google Play.

ExpensiveWall also reports data about the device to its C&C server. That data includes location, MAC and IP addresses, IMSI and IMEI.

When the device is switched on or connected, the malware then connects to the C&C server and an embedded WebView URL. It silently clicks on webpage links, subscribing users to premium services and sending SMS messages.
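
A static triage check over a decoded AndroidManifest.xml for the permission and trigger combination described above. This is an added example, not code from the article or from Check Point's research; the mapping from the described behaviour to manifest entries, the `triage_manifest` helper and both sample manifests are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"

# Assumed mapping from behaviour in the article to the manifest entries
# that would enable it (not taken from the research itself).
PERMISSION_SIGNALS = {
    "android.permission.INTERNET": "network access (C&C communication)",
    "android.permission.SEND_SMS": "can send premium SMS",
    "android.permission.READ_PHONE_STATE": "can read IMSI/IMEI",
    "android.permission.ACCESS_FINE_LOCATION": "can read location",
    "android.permission.ACCESS_COARSE_LOCATION": "can read location",
}
TRIGGER_ACTIONS = {
    "android.intent.action.BOOT_COMPLETED": "starts at power-on",
    "android.net.conn.CONNECTIVITY_CHANGE": "starts on connectivity change",
}
CORE = {"android.permission.INTERNET", "android.permission.SEND_SMS"}

def triage_manifest(manifest_xml):
    """Flag a decoded manifest that pairs network access with SMS sending."""
    root = ET.fromstring(manifest_xml.strip())
    perms = {e.get(NAME) for e in root.iter("uses-permission")}
    actions = {a.get(NAME) for r in root.iter("receiver") for a in r.iter("action")}
    findings = [PERMISSION_SIGNALS[p] for p in sorted(perms & PERMISSION_SIGNALS.keys())]
    findings += [TRIGGER_ACTIONS[a] for a in sorted(actions & TRIGGER_ACTIONS.keys())]
    # Many legitimate apps hold each permission alone; the pair is what merits review.
    return {"package": root.get("package"),
            "needs_review": CORE <= perms,
            "findings": findings}

# Constructed sample manifests (not real apps).
SUSPECT = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <application><receiver android:name=".BootReceiver"><intent-filter>
    <action android:name="android.intent.action.BOOT_COMPLETED"/>
  </intent-filter></receiver></application>
</manifest>"""
BENIGN = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.gallery">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (SUSPECT, BENIGN):
        print(triage_manifest(sample))
```

A hit means the app warrants manual review, not that it is malicious, since legitimate messaging apps request the same pair.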

“Cutting-edge malware such as ExpensiveWall requires advanced protections, capable of identifying and blocking zero-day malware by using both static and dynamic app analysis. Only by examining the malware within context of its operation on a device can successful strategies to block it be created. Users and enterprises should treat their mobile devices just like any other part of their network, and protect them with the best cybersecurity solutions available,” researchers conclude.
