Mobile malware GriftHorse infects over 10 million Android devices
The malware stole millions from infected Android devices
September 30, 2021 / 12:26 PM IST
GriftHorse fleeced Android owners for millions
Malicious software, or malware, isn't new. Variants of malware have infested nearly everything from routers to computers, but a particular strain called GriftHorse has infected more than 10 million Android devices and taken its victims for a ride.
Zimperium zLabs published the numbers in a blog post after discovering a global malware campaign. Further research led to the discovery of GriftHorse, a trojan that was distributed through various applications on the Google Play store and third-party Android alternatives.
GriftHorse bombards users with pop-ups claiming that they have won a prize. These notifications are extremely frequent, appearing five to six times per hour. Once a user clicks on one, they are taken to a page that tells them to enter their phone number for verification.
In reality, the page signs them up for a premium SMS service that charges them 30 euros per month. This charge is added to the phone bill. What makes this worse is that the organisers of this campaign took pains to avoid getting caught.
GriftHorse operated differently depending on the country and has been active since November 2020. Google has acted on the discovery and removed the malicious apps from the store, but these may still be active on alternative third-party stores.
"These cyber criminals took great care not to get caught by malware researchers by avoiding hardcoding URLs or reusing the same domains and filtering / serving the malicious payload based on the originating IP address’s geolocation. This method allowed the attackers to target different countries in different ways," said Zimperium in the blog post.