Millions of Android users may have malware on their phones costing them extra money after they unwittingly downloaded infected apps from the Google Play Store.
At least 50 apps in the store contained malware, according to researchers at Check Point, a security company. The apps have now been removed, but the malware was downloaded between 1 million and 4.2 million times before Google kicked the apps out of its store, Check Point said Thursday.
The malware — nicknamed “ExpensiveWall” — came hidden in free wallpaper, video and photo editing apps, as CNET first reported. Once people downloaded the apps, the virus would register them for paid services without their knowledge or send text messages that users would have to pay for.
ExpensiveWall is similar to a kind of malware that McAfee found on Google Play in January. The whole “malware family” has now been downloaded between 5.9 million and 21.1 million times, according to Check Point.
Google Play has built-in anti-malware protections, but the apps in question got past those because the malware was “packed,” an advance hiding technique, according to Check Point.
Once Check Point told Google about its findings on Aug. 7, the tech giant acted quickly to remove the apps. But a few days later, malware again infected another 5,000 devices, Check Point said, before it was removed a second time.
“We’ve removed these apps from Play and always appreciate the research community’s efforts to help keep the Android ecosystem safe,” a Google spokesman said in a statement.
If users still have any of the infected apps on their phone, though, the malware is still there, so the apps need to be removed manually.