In the background: Google has been trying to ban malicious apps from the Play Store for years with limited success. The company is constantly removing these apps, and the latest round of deletions includes 200 apps across multiple categories that were used to spread the GriftHorse malware to more than 10 million victims.
Lately, Apple has been lazy in the security department of iOS, despite fueling the heated debate between iOS and Android by claiming that the latter mobile operating system has 47 times as much malware due to its openness to sideloading apps. However, it’s hard to argue that Android is more attractive to malware developers, who push it out whenever they get the chance.
According to researchers at Zimperium zLabs (via TheRecord), a new Android Trojan called GriftHorse has been included in as many as 200 malicious apps that have been approved on the Google Play Store as well as some third-party app stores. So far, malware operators have successfully infected more than 10 million Android devices in more than 70 countries and stolen tens of millions of dollars from their victims.
In their report, the researchers explained that the GriftHorse campaign was active from at least November 2020 until April 2021. When a user installs a malicious application, GriftHorse generates a large number of notifications and popups that attract people with special discounts or different prices. People who click on them are taken to a web page where they are asked to confirm their phone number in order to access the promotion.
In fact, GriftHorse victims subscribe to premium SMS services that cost more than $35 per month. It is estimated that GriftHorse operators made between $1.5 million and $4 million per month using this program, and their early victims could potentially lose more than $230 if they didn’t stop the scam.
Zimperium researchers Aazim Yaswant and Nipun Gupta note that this was a complex malware campaign in which operators used high-quality code and a wide range of malicious websites and apps covering nearly every category. Zimperium notified Google of the offending apps. Although the company has removed them from the Play Store, they can still be downloaded from third-party app stores.
This is not the first time that this type of attack has targeted Android users. In 2018, mobile security and data management company Wandera discovered similar malware that, among other things, can send text messages to premium services. And based on the evolution found in the GriftHorse campaign, they’ve probably been doing this for a long time.