Over 200 apps in 18 different app categories have tacitly registered victims on premium SMS services.
New Android malware has successfully infected more than 10 million devices in more than 70 countries.
As The Record reports, the malware is called GriftHorse and it was discovered by researchers at mobile security company Zimperium. A large number of previously undetected infected devices is due to the method of distribution, which relies on “cool apps” available for download from the Google Play Store. It is also helpful that no antivirus vendor has detected the malware it contains.
Once installed, these apps will display user pop-ups and notifications of special offers and prices. When one of them is touched, the user will be prompted to enter their phone number to receive the offer or price. This way, they unknowingly subscribed to a premium SMS service that costs $ 35 or more each month. Of course, that money goes to the gang behind GriftHorse.
With more than 10 million infected devices, the gang is expected to generate between $ 1.5 million and $ 4 million in monthly revenue. According to Zimperium researchers Aazim Yashwant and Nipun Gupta, GriftHorse’s success is due to “the quality of malicious code used by a wide variety of websites (194 domains), malicious applications and developers to avoid to infect and detect users ”. as much as possible. ”
The breadth of the infected app ecosystem is also impressive, spanning over 200 apps in 18 different categories, including tools, puzzles, communication, dating, lifestyle, finance, career, entertainment, music and audio, health and physical condition, productivity, simulation, food. . and drink, sport, education, food, action, and personalization.
Fortunately, these apps were removed after Zimperium contacted Google about the malware, but it has been up and running since at least November 2020, raising questions about the extent of the app’s criticism on the Play Store.