At this year’s I/O, Google announced Play Protect, a user-facing security screening process for apps on Android phones based on the old Verify Apps. Basically, it scans apps you install, comparing their content against known malware components, and notifies you if any potential risks are found. And it turns out, it’s not infallible, as an older “packed” malware package was able to trick it.
The folks over at Check Point identified a “packed” malware they’re calling ExpensiveWall, after an app containing the malware called “Lovely Wallpaper.” It surreptitiously registers users for premium services via SMS, charging their accounts for services they don’t want, and which the malware creators profit from.
Google’s Play Protect didn’t catch obfuscated malware with up to 20 million installs on the Play Store was written by the awesome team at Android Police.