The second malware attack for Android devices this year, could there be more on the way?
Google has fallen victim to another cyber-attack affecting 21 million Android users from one malware system.
Hidden inside wallpaper apps, the malware has been named ‘ExpensiveWall’, after finding its way to Google Android devices through Google users downloading malicious apps through the Google Play store.
As the second cyber-attack on Android devices in the last year, at least 50 apps were infected by ExpensiveWall after being collectively downloaded between 1 million and 4.2 million times.
Researchers on the case warned users the malware sent fraudulent text messages which scammed users. However, ExpensiveWall doesn’t just take victims money it steals data from the attacked device including its location and IP address.
Javvad Malik, security advocate at AlienVault, said: “With so much money being flushed into mobile phones and the technology that surrounds them, it’s no surprise criminals are targeting their malware efforts in this direction. App store operators like Google, need to be on their toes as mobile phones have become irreplaceable due to their high functionalities.”
Millions of users have been victims of the latest malware attack but it is said to be the second biggest Android attack following the first attack early in May this year. Judy malware was downloaded around 36m times through Google’s Play store.
According to researchers from Check Point, ExpensiveWall was able to make its way onto Google’s App Store using encryption to blind the system from its code.
Google removed the malware infected apps; however ExpensiveWall continued to cause trouble for the tech giants App Store by spreading the sample across another 5,000 devices at least.
Malik said: “Because of the increased level of sophistication shown by today’s cyber attackers, app stores need to constantly seek out new and improved ways to step up their security efforts and collaborate closer with security researchers.”
As attackers found it easy to reinstall the malicious software back into Google’s App store, the Silicon Valley Company still have work to do to better secure their system.