The Android malware identified as Android.Exprespam has only been around for a few weeks. However, experts say that it might have already infected thousands of devices.
According to calculations made by Symantec researchers, the fake market which serves Exprespam, Android Express’ Play, has been visited 3000 times in one week alone (January 13-January 20).
This means that it could have been used to steal as many as 450,000 pieces of personal information, assuming that it has been installed on 3,000 devices, each with an average of 150 contacts.
The most worrying fact is that the cybercriminals behind Exprespam have already created a new fake market on a recently registered domain. The site is not active yet, but it already hosts a new version of the malware.
Furthermore, experts say that the cybercriminals will most likely continue to update and improve their campaign, unless they’re caught, which is unlikely to happen anytime soon.