Google’s 2017 Android Security Report Shines Light on ExpensiveWall

Google recently published its 2017 security report for the Android ecosystem, a comprehensive overview of the constantly evolving mobile threat landscape, which indicates that Trojans, spyware, and hostile downloaders account for a large portion of mobile threats today. Among the eight notable Android malware campaigns cited by Google in the report was ExpensiveWall, a malware discovered by Check Point mobile threat researchers and written about in this space in September 2017.

Google notes the technical sophistication of ExpensiveWall, and that unlike the other malware highlighted in the report, the outbreak was concentrated primarily in Europe. ExpensiveWall spread through 50 apps on Google Play, reaching between 5.9M and 21.1M downloads. The malware managed to infiltrate Google Play twice. After it was kicked out the first time, it returned in a packed version, allowing it to evade Google Play’s protections.

This malware was dubbed “ExpensiveWall” because one of the apps it used to infect users was called ‘Lovely Wallpaper.’ ExpensiveWall registered victims to premium services without their knowledge; sent fraudulent premium SMS messages on their behalf, which then charged their accounts for fake ‘services;’ and also auto-clicked ads. Once a malicious app containing the ExpensiveWall code is downloaded, it requests several common permissions, including internet access, which allows the app to connect to its Command and Control (C&C) server. The malware then sends data about the device to the attackers. Another permission requested by the malware is the SMS permission, which enables it to act on its malicious objective by sending premium SMS messages and registering the users for paid services.

The alarming part about ExpensiveWall and other malware of this kind is the range of threats it can pose. Just as this version was used for premium SMS messages, an attacker can use the same infrastructure to capture pictures, record audio, and steal other sensitive data, then send the stolen information to its C&C server. Because the malware operates silently, all of this happens without the victim’s knowledge, turning ExpensiveWall into the ultimate tool for spying.

Employees and businesses should by now recognize that any malware attack is a severe breach of their mobile network, even if it starts out as seemingly harmless adware. ExpensiveWall is further proof of the need to protect mobile devices against advanced threats.