\With the recent hack of Equifax on many people’s minds, users are increasingly wary of securing their data and identities. Most users take steps to secure their home desktops, but one arena rarely discussed is the question of smartphone security. Users take for granted that modern cellphones are essentially pocket-sized computers, capable of web browsing, gaming, and other conveniences.
However, this means that smartphones are just as vulnerable to hacking and malware as their desktop counterparts. Check Point Software, a leader in the world of cyber security, appears to have uncovered a malware outbreak in none other than Google Play, a smartphone software and app provider used by millions across the globe.
This summer has proved a difficult and controversial period for Google. Check Point Software’s first discovery of Google Play malware came in May of this year with their revelation regarding the “Judy” malware. Allegedly propagated by a South Korean software firm, the “Judy” malware involved a surreptitious piece of ad-clicking malware hidden in as many as 41 apps. With over 36 million downloads, it may hold the record for the largest scale attack to originate from the Play store. Google was forced to delete 40 applications to prevent the scandal from growing any larger. Check Point’s latest discovery is somewhat smaller but still alarming in terms of scale.
Dubbed “ExpensiveWall,” this latest batch of malware is estimated to have affected 21.1 million customers based on downloads. The ExpensiveWall malware was hidden inside several apps that offered seemingly innocuous cellphone home and lock screen wallpapers. Once installed, the malware went to work sending out SMS messages at premium rates and high charges for fake services. A minimum of 50 apps were found to be compromised by ExpensiveWall. Check Point placed the download count at somewhere between 1 million to a little over 4 million, while antivirus company McAfee uncovered significantly more and published their own count at anywhere from 6 million to roughly 21 million.
As with the Judy malware outbreak, Google has responded by deleting the offending apps from the Play store. The remaining question is how the tech giant plans to handle the problem in the long term beyond depending on users and outside security firms to identify and report malware well after it has infected millions of machines. Android certainly shares some of the responsibility and given both companies’ resources, it shouldn’t be long before some of the vulnerabilities in the app store are addressed.