An Israeli cybersecurity company said one of the largest malware campaigns infiltrated the Google Play store, affecting as many as 21 million people.
According to news from Fortune, security researchers at Check Point Software Technologies announced in a blog post that the attack consisted of dozens of malicious apps that sent fraudulent text messages and charged people for fake services.
“This was one of the most extensive malware campaigns to infiltrate Google Play, both in size and in its malicious effect,” said Daniel Padon, mobile threat researcher for Check Point. Unlike most malware found on Google Play, this “directly inflicts harm to users” by running up people’s phone bills.
The malware was dubbed “ExpensiveWall” after one of the fraudulent apps, “Lovely Wallpaper,” which claimed to offer different background images for phones. Other infected apps included “I Love Filter,” “Tool Box Pro” and “Horoscope.”
At least 50 apps, which Android users downloaded as many as four million times, featured an advanced form of the malware that used “packing,” a technique that compresses code with encryption and allows it to evade Google’s security filters. Check Point has posted a full list of known malicious apps on its website.
Check Point said it alerted Google to the cyberattack on August 7, and the search giant then removed the apps from its app store. But another version of the malware made its way onto the Google Play Store, reaching 5,000 devices before Google evicted it four days later.
“We’ve removed these apps from Play and always appreciate the research community’s efforts to help keep the Android ecosystem safe,” said Aaron Stein, a Google spokesperson.
This isn’t the first time Google Play has been compromised by hackers. In May, security researchers at Phish Labs claimed that since the start of the year, it had found 11 apps hosted on Google Play that were created by hackers.