Tuesday, March 19, 2024

4.2 Million Android Mobile Infected by “ExpensiveWall” Malware That Can Control Your Mobile Wallet

A New Google Play Store Android Malware called “ExpensiveWall” Discovered that can able to Control the Android Mobile wallet by sending fraudulent premium SMS messages which leads to charge for fake services.

“ExpensiveWall” Infected almost 50 + Android Application and Downloads of this Apps Estimated Around 1 million and 4.2 million.

This New Variant Family has Discovered on earlier time of 2017 and the entire malware family has now been downloaded between 5.9 million and 21.1 million times.

This Expensive Malware Is Completely Packed . Malware authors are Encrypt the Source code and also used Advanced obfuscated Technique to Evade the Google Play Security.

Also Read : Beware!! All Android Versions Up to 7.0 are Vulnerable to Toast Overlay Attack

How Does ExpensiveWall Android Malware Works

ExpensiveWall is Specially designed for Generating Profits from its Targeting Victims and also using Google Play Store, that is the fastest way to Targeting huge number of Victims.

Initially, Once Expensive Malware is Downloaded, it  asks Permission from users to access Internet, Message, and other Sensitive Permissions.

Most of the User will give Permissions without thinking the security. In This Case, Many of the Applications seeking Permission for Legitimate Purpose but Few of them are performing Malicious Activities.

App Permissions Leads  to connect  its C&C server – and SMS permissions – which enable it to send premium SMS messages and register users for other paid services all without the users knowledge.

Here, There is an Interface called  WebView which helps to running the JavaScript code  inside of the WebView that allow to trigger in-app activities by connecting App Activities and JavaScript  Code.

According to Checkpoint Report, Once C&C Sever Connection has successfully Established then, the infected device to its C&C server, including its location and unique identifiers, such as MAC and IP addresses, IMSI, and IMEI.

This Malware Connect to C&C server whenever Infected Device Switched on and received an URL in the WebView  interface that contains Malicious java script code.

Android Malware

Malicious code secretly click the link and subscribing them to premium services and sending SMS messages and generating revenue by silently  clicking ads.

Checkpoint Report this Malware activities to Google and Google promptly removed the reported samples from its store.

But already Millions of users were Download this Malware which remains to do the Malicious activities unless the App get uninstalled.

Website

Latest articles

Microsoft Deprecate 1024-bit RSA Encryption Keys in Windows

Microsoft has announced an important update for Windows users worldwide in a continuous effort...

Beware Of Free wedding Invite WhatsApp Scam That Steal Sensitive Data

The ongoing "free wedding invite" scam is one of several innovative campaigns aimed at...

Hackers Using Weaponized SVG Files in Cyber Attacks

Cybercriminals have repurposed Scalable Vector Graphics (SVG) files to deliver malware, a technique that...

New Acoustic Keyboard Side Channel Attack Let Attackers Steal Sensitive Data

In recent years, personal data security has surged in importance due to digital device...

Discontinued WordPress Plugin Flaw Exposes Websites to Cyber Attacks

A critical vulnerability was discovered in two plugins developed by miniOrange.The affected plugins,...

ShadowSyndicate Hackers Exploiting Aiohttp Vulnerability To Access Sensitive Data

A new Aiohttp vulnerability has been discovered, which the threat actor ShadowSyndicate exploits.Aiohttp...

Hackers Launching AI-Powered Cyber Attacks to Steal Billions

INTERPOL's latest assessment on global financial fraud uncovers the sophisticated evolution of cybercrime, fueled...
Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Mitigating Vulnerability Types & 0-day Threats

Mitigating Vulnerability & 0-day Threats

Alert Fatigue that helps no one as security teams need to triage 100s of vulnerabilities.

  • The problem of vulnerability fatigue today
  • Difference between CVSS-specific vulnerability vs risk-based vulnerability
  • Evaluating vulnerabilities based on the business impact/risk
  • Automation to reduce alert fatigue and enhance security posture significantly

Related Articles