
ExpensiveWall malware: How does this SMS attack function?

A new SMS malware known as ExpensiveWall was recently discovered by Check Point. Learn how it infects devices and puts Android device users at risk with expert Nick Lewis.

Check Point Software Technologies Ltd. recently discovered a type of SMS malware called ExpensiveWall, which has infected millions of Android devices. How does ExpensiveWall malware work, and what risks does it pose?

Phone fraud and the use of the phone billing system to generate revenue go back decades, as criminals can easily call a 900 number or send an SMS message to a premium rate service that then bills the user. Just wait until internet of things devices with connections to cellular networks and SMS functionality start getting abused by criminals who send SMS messages or call premium rate numbers.

Once criminals learn an effective way to make money, they continue to build upon those tactics until technical controls are implemented to stop specific attacks. Given that the functionality of sending SMS messages or calling premium rate numbers is not going to be removed or restricted in the near future, implementing a technical control on the endpoint may be the only way to protect against this type of fraud.

Check Point discovered a related type of SMS malware called ExpensiveWall that has infected millions of Android devices. ExpensiveWall malware was published in the Google Play Store and requires users to manually install it on their system.

Even though Google promptly removed the malware from its Play Store after being contacted by Check Point, that didn't uninstall the app from the impacted endpoints. The app was even advertised via Instagram.

Because ExpensiveWall malware used a custom packer, Google Play's security checks may have been prevented from identifying any of its malicious actions. Once the app is installed, it asks the user for permission to send text messages, and without that permission the app won't finish installation. Furthermore, the app uses a command-and-control server and sends it data about the endpoint.
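One endpoint-side check that follows from the permission request described above, as an added example that is not from the original article or from Check Point: list the non-system apps that currently hold the SMS-sending permission. The sample text is constructed and only modelled on `adb shell dumpsys package` output, whose layout varies by Android version; the package names are made up.

```python
import re

# Constructed sample, modelled on `adb shell dumpsys package` output.
# Package names are made up; the real layout varies by Android version.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.wallpapers] (1a2b3c):
    flags=[ HAS_CODE ALLOW_CLEAR_USER_DATA ]
    requested permissions:
      android.permission.INTERNET
      android.permission.SEND_SMS
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.SEND_SMS: granted=true
  Package [com.example.systemsms] (4d5e6f):
    flags=[ SYSTEM HAS_CODE ]
    requested permissions:
      android.permission.SEND_SMS
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.SEND_SMS: granted=true
  Package [com.example.notes] (778899):
    flags=[ HAS_CODE ]
    requested permissions:
      android.permission.SEND_SMS
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.SEND_SMS: granted=false
"""

PKG_RE = re.compile(r"^[ \t]*Package \[([^\]]+)\]", re.M)
GRANT_RE = re.compile(r"android\.permission\.SEND_SMS: granted=true")
SYSTEM_RE = re.compile(r"[Ff]lags=\[[^\]]*\bSYSTEM\b")

def third_party_sms_senders(dump):
    """Return non-system packages that currently hold SEND_SMS."""
    # Splitting on a capturing group yields [preamble, name1, body1, name2, ...]
    parts = PKG_RE.split(dump)
    flagged = []
    for name, body in zip(parts[1::2], parts[2::2]):
        if GRANT_RE.search(body) and not SYSTEM_RE.search(body):
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    for pkg in third_party_sms_senders(SAMPLE_DUMPSYS):
        print("review:", pkg)
```

An app that was granted the permission but is no longer in the store will still appear here, which matches the point that removal from the Play Store did not uninstall it from devices.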

Users can detect the ExpensiveWall malware when viewing their phone bill. However, these malicious actions could eventually be used for greater harm.


This was last published in March 2018
