ExpensiveWall Malware Bypasses Google Play Protect, Potentially Affects 20 Million Users
The Google Play Store is used by over a billion users and is easily the most popular application on any Android smartphone. The Play Store is where you get access to all the latest apps and games that help you make good use of your phone. It is essential that the apps and games are secure and virus-free. In an attempt to beef up security, Google introduced us to Google Play Protect last month.
However, it looks like there are already flaws in Google Play Protect's detection algorithms, as it failed to identify malware that can potentially affect over 20 million users.
The ExpensiveWall malware has been spotted in multiple apps, and the apps' total reach is expected to be around 20 million users. The malware gains access to your phone's SMS and Internet connectivity through the app permissions. It seems normal at first, but you later realize you are being charged for services you did not subscribe to.
The malware makers benefit from these service activations. It is surprising that it got past Google's latest security measure, Google Play Protect.
For those wondering how Google Play Protect detects malware and malicious apps, it compares the contents of an app against the contents of known malware. This helps ensure that no malicious pieces of code pass through and users remain protected. This is a particularly useful and much-needed feature because of the sheer volume of apps on the Google Play Store.
However, it looks like Google Play Protect has some flaws of its own too. This malware in the Google Play Store was detected by the team of security researchers at Check Point. Google is now expected to pull down the malicious apps from the Google Play Store and have the developers release a new version that is malware-free and completely replaces the old app.
This incident does expose the chinks in the armor yet again. Who knows, there might be more such apps out there. Stay safe and do not give permissions to apps from untrusted developers unless absolutely necessary.
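The permission advice above can be checked mechanically. The following is an added example, not code from the article or from Check Point: it reads a decoded `AndroidManifest.xml` and flags apps that request both SMS access and Internet access. The specific permission names, the `audit` function and the sample manifests are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NAME = "{http://schemas.android.com/apk/res/android}name"
# Assumption: these standard Android permissions stand in for the article's
# "SMS and Internet connectivity"; the article names no specific permissions.
SMS_PERMS = {"android.permission.SEND_SMS", "android.permission.RECEIVE_SMS",
             "android.permission.READ_SMS"}
NET_PERM = "android.permission.INTERNET"

def audit(manifest_xml):
    """Summarise SMS/Internet permission requests in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    perms = set()
    for el in root.iter():
        # Matches <uses-permission> and <uses-permission-sdk-23>.
        if el.tag.startswith("uses-permission") and el.get(NAME):
            perms.add(el.get(NAME).strip())
    sms = sorted(perms & SMS_PERMS)
    internet = NET_PERM in perms
    # The combination is a prompt for manual review, not proof of malware:
    # legitimate messaging apps request it too.
    return {"package": root.get("package"), "sms": sms,
            "internet": internet, "review": bool(sms) and internet}

# Constructed sample manifests (hypothetical packages, not real apps).
WALLPAPER = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.wallpaper">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.SET_WALLPAPER"/>
</manifest>"""
NOTES = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.notes">
  <uses-permission android:name="android.permission.INTERNET"/>
</manifest>"""

if __name__ == "__main__":
    for sample in (WALLPAPER, NOTES):
        print(audit(sample))
```

A wallpaper app that asks to send SMS is the kind of mismatch between an app's purpose and its permissions worth questioning before installing.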
Source: Check Point