ExpensiveWall: Android users pay the price for downloading poisoned apps

The malware could have infected more than 4 million devices before being discovered

Check Point has discovered new Android malware that is used to send fradulent SMS messages to premium numbers, charging users for each one. The malware's name, 'ExpensiveWall', comes one of the malicious apps that it uses to spread itself. That app is called 'Lovely Wallpaper' and if you ever downloaded it, you do not have our sympathies.

According to Check Point, ExpensiveWall is a "new variant of Android malware that sends fraudulent premium SMS messages and charges for fake services to users' accounts without their knowledge."

According to Google Play data, the malware infected at least 50 apps and was downloaded between 1 million and 4.2 million times, before the affected apps were removed.

Check Point told Google about ExpensiveWall in August, and Google removed all of the spiked apps that the security company told it about back then. However, you should also remove the app from your device at your end.

"While ExpensiveWall is currently designed only to generate profit from its victims, a similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control (C&C) server," added the firm in case we weren't worried enough.

"Since the malware is capable of operating silently, all of this illicit activity takes place without the victim's knowledge, turning it into the ultimate spying tool."

A blog from Check Point adds that most of the infected apps come with the kind of reviews that you might expect, and some suggest that it is advertisements on other apps including Instagram, that drew them to the poisoned shit.

"The comments indicate that the app is promoted on several social networks including Instagram," it explained. "Which might explain how it came to be downloaded so many times."