Android attacked by ExpensiveWall malware

by Olivia Morelli - -

One of the biggest Android infections

Android users are in danger once again – a huge attack has recently been implemented to target app users.

Android ExpensiveWall infection

The infection affected more than 50 applications on Google Play store, which were downloaded more than 4.2 million times.[1] There are 21.1 million devices affected. This is the biggest attack since the Judy infection, which attacked at least 36 million users.[2]

This malware, called ExpensiveWall, can cause a lot of damage to its victims by using methods that are not very common – it was made to collect money by deceiving users. ExpensiveWall gets revenue by sending text messages to premium-rate numbers, which are usually quite expensive. Some victims claim to have lost about 10 euros per week.[3]

This method works in two different ways – some users must pay for each text message sent, others get an unwanted subscription, for which they have to unwillingly pay until canceling it by sending an SMS.

This is very concerning because the damage caused is quite huge. The victims can lose huge amounts of money if they don’t notice the attack on time.

Another threat ExpensiveWall poses is the danger to lose some sensitive information. Given the right circumstances, it can steal personal data.[4] For example, by using the victim’s IP address, it can detect the location of the person. Likewise, the malware may start recording sound or taking pictures when you least expect it. Given all the things the virus does, money is not the only concern.

The way ExpensiveWall is spread

Some of the infected apps include “Tool Box Pro”, “Tide Camera”, “Wifi Booster”, “Horoscope”, and “I Love Filter”. Maybe the most notorious one is “Lovely Wallpaper” – the ExpensiveWall infection got its name from this app.[5]

The malware took some time to get spotted because of its intricate hiding technique, which is called “packing”.[6] When it is used, the code of the malware is encrypted so that Google couldn’t detect it even with its advanced methods.

To protect yourself from such malicious apps, you must always read the comments that are shown below the application. Some of the infected apps had a lot of 1-star reviews and comments saying that it is a virus that steals your money.

It seems that a certain number of people would have avoided the infection if they had read the comments first.

However, many people thought the apps to be legitimate because they had been advertised on Facebook and, probably, Instagram.

What you should do in case of an infection

The applications containing ExpensiveWall were taken down by Google. However, many people might still have them on their phones. If you happen to have one of the dangerous apps, you have to remove it manually.

After the removal, you should scan your device with anti-malware software to check whether any threats are left. The program should remove the malware that might still harm you even after the deletion of the malicious apps. You can see the list of our recommended anti-malware tools here.

About the author

Olivia Morelli
Olivia Morelli - Senior Media writer

Olivia Morelli is a senior media writer on Her favorite topic to write about is ransomware attacks and how to deal with them, but she also enjoys covering the topics of other types of malware and VPNs.

Contact Olivia Morelli
About the company Esolutions


Your opinion regarding Android attacked by ExpensiveWall malware

now online
Like us on Facebook