ExpensiveWall is a type of Android malware that sends fraudulent SMS messages and charges users’ accounts for fake services without their knowledge. It is also capable of collecting data about the device, such as location and IP address. It is estimated that at least 50 apps were impacted by this malware and were collectively downloaded between 1 million and 4.2 million times before they were removed from the Google Play store. ExpensiveWall appears to generate profit for the malware developers by charging victims for fake services and forcing users to click on advertisements. Researchers believe that mobile malware developers are spreading ExpensiveWall through a software development kit (SDK) called “gtk”, which is then embedded in legitimate apps. It was also advertised on several social media platforms such as Instagram, which may have spurred the large number of downloads. BleepingComputer provides a list of infected apps here.
- Check Point Software Technologies Ltd. provides a technical analysis of ExpensiveWall here.