Malware known as GriftHorse has managed to infect millions of Android phones and already costs victims millions in paid premium services…
Security experts have discovered another malware strain that’s already been deployed on at least ten million Android devices across more than seventy countries. Security researchers at Zimperium identified the threat actor as GriftHorse, malicious code that’s been on the loose since November 2020, perhaps even earlier. And, it’s one of the “most widespread campaigns” the company has tracked this year.
GriftHorse Malware Infects Millions of Android Phones
The GriftHorse malware uses a very familiar bait-and-switch technique. Benign-looking apps conceal the malicious code, which appear on the Google Play Store and other third-party apps stores, as well. Once installed, the malware inundates victims wit fraudulent pop-ups and notifications containing fake prizes and special offers. Anyone who attempts to claim these must enter their phone number and that automatically subscribes victims to expensive premium SMS services. Zimperium explains:
“Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros. While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as Trojans, allowing it to take advantage of user interactions for increased spread and infection.”