Google purges malicious Android apps with millions of downloads

Malware hidden in the Android apps would secretly register victims for paid services or send fraudulent text messages that people would have to pay for.

Alfred Ng Senior Reporter / CNET News

These fake apps were free, but they ended up costing millions of people using Android.

Researchers from Check Point, a security company, said Thursday that they discovered 50 apps hiding malware on the Google Play Store. The malware was downloaded between 1 million and 4.2 million times before the affected apps were removed, said Check Point. 

The malicious apps were disguised as free wallpaper, camera and video editing apps, but carried a costly side effect. Malware in the apps would secretly register victims for paid services or send fraudulent text messages that people would have to pay for. Check Point named the malware "ExpensiveWall," after finding the majority of the infected apps were fake wallpapers.

ExpensiveWall is actually a new strain of a previously known malware, which McAfee discovered in January on Google Play. "The entire malware family has now been downloaded between 5.9 million and 21.1 million times," said Check Point's researchers in a blog post.

The security company said it notified Google on Aug. 7 about the phony apps, and it quickly removed them. But within days, even more fake apps popped up, and they were downloaded more than 5,000 times before Google removed the new crop.

The fake apps were able to slip by Google's Play Protect, which is supposed to scan Android devices for malicious software, because scammers "packed" the malware, using an advanced hiding technique that ducks under Google's radar, Check Point said.

"We've removed these apps from Play and always appreciate the research community's efforts to help keep the Android ecosystem safe," a Google spokesman said in a statement.

Even though Google removed the apps from its store, if you downloaded one, your device is still infected, Check Point's researchers warned. 

First published Sept. 14, 7:25 a.m. PT.
Updated, 9:33 a.m. PT: To include comment from Google.