These 50 Virus Apps Bypassed Google Play Protection Twice
Table of contents:
- 50 apps with viruses that bypassed protection twice
- But why aren't alarms going off on Google Play?
- The system could be used for other purposes
In the last year, threats targeting Android have increased by up to 40%. Apart from keeping proper protections on their devices, users are usually advised not to download applications from unofficial sites. Why? To avoid infections.
In principle, the Google Play Store is considered a safe enough place for users to download applications without problems. But we have seen before that this is not always the case.
Today we learned that some apps have bypassed Google Play's protection, and that this has now happened on two occasions.
Relatively recently, security firm Check Point detected a total of 50 applications that were available on Google Play, Google's official store, all of them malicious.
According to this security firm, the applications charged users for billing services without their express consent, of course. After they had been downloaded more than 4.2 million times, Google withdrew them from the market.
Now the same security firm has warned that applications from the same family have returned to Google Play and have infected more than 5,000 new devices.
50 apps with viruses that bypassed protection twice
According to Check Point, the company that has detected the problem again, the applications that are back in the Google store belong to the same family as the previous ones, which it has named ExpensiveWall.
Their modus operandi is to collect phone numbers, locations, and unique identifiers from the devices, and to subscribe users to premium services. The resulting text messages are billed to the account of the unwary victim, and the criminals collect the profits.
Investigators have been unable to determine how much money those responsible for this attack could have raised. All they know is that the apps already had between 1 and 4.2 million downloads.
But why aren't alarms going off on Google Play?
For an application to be accepted in the Google application store, it must meet a series of requirements. One of them, logically, is that it must not be the seed of a scam, nor act fraudulently against the interests and without the consent of users.
ExpensiveWall is behind an app called LovelyWall. But this is only one of the fifty that have been located. You have surely wondered how it is possible that Google did not detect the threat earlier.
The answer is simple. Those responsible for these applications use a technique to hide the malware: they compress and encrypt the executable before it is uploaded to Google Play. That is why the malware goes unnoticed by Google's scanners.
The malicious file is unpacked afterwards, once the application is considered to be settled on the device. What is clear is that the attackers' technique is still effective, because they have managed to bypass Google's protections twice.
The system could be used for other purposes
ExpensiveWall may actually be just the beginning, because the malware could also be used to steal images, audio, and sensitive data from devices and send them to certain servers.
Experts say that it is a perfect spy tool, because it is able to operate completely without the victim's knowledge. As explained in Ars Technica, even though Google has removed the applications again, the devices that have these apps installed will continue to be infected unless the apps are removed at the root.
Users running an old version of Android may never be able to disinfect their devices. All you can (and should) do is check whether this is your case. You can check the list of apps detected by Check Point and take a look at the report here.