Researchers at Check Point discovered a new Android malware variant dubbed "ExpensiveWall" that is believed to have infected up to 21 million Android devices. The researchers warn users that the malware sends fraudulent premium SMS messages and charges for fraudulent services. ExpensiveWall collects data about the infected device, including location and IP address. Similar to the Android malware variant Judy, it can force users to click on online advertisements, another tactic threat actors use to make money. According to Check Point, infected apps that were installed before they were removed from the Google Play Store will remain installed on users’ devices. BleepingComputer provides a list of infected apps here. The NJCCIC recommends Android users and administrators review Check Point's report and our ExpensiveWall Threat Profilefor more information, enable Google Play Protect, and conduct research on the developers before downloading apps on the Google Play Store.