In context: Google has been trying to keep malicious apps off the Play Store for years with limited success. The company is constantly working to remove these apps, and the latest round of removals includes 200 apps in multiple categories that have been used to spread GriftHorse malware to more than 10 million victims.
Apple has been getting lazy in the iOS security department as of late, despite adding fuel to the fierce iOS vs. Android debate by claiming the latter mobile operating system has 47 times more malware because it is open to downloading applications. That said, it’s hard to argue against the fact that Android is more attractive to malware developers, who target it every chance they get.
According to researchers from Zimperium zLabs (via The Record), a new Android Trojan called GriftHorse has been integrated into no fewer than 200 malicious apps that were approved on the Google Play store, as well as some third-party app stores. To date, the malware operators have managed to infect more than 10 million Android devices in more than 70 countries and have stolen tens of millions of dollars from their victims.
The researchers explained in their report that the GriftHorse campaign was active from at least November 2020 until April 2021. When a user installs any of the malicious apps, GriftHorse generates a large number of notifications and pop-ups that entice people with special discounts or various prizes. People who tap these are redirected to a web page where they are asked to confirm their phone number to access the promotion.
In reality, GriftHorse victims are subscribing to premium SMS services that charge more than $35 per month. GriftHorse operators are estimated to have been making between $1.5 million and $4 million per month using this scheme, and their first victims would likely have lost more than $230 if they didn’t stop the scam.
Zimperium researchers Aazim Yaswant and Nipun Gupta note that this was a sophisticated malware campaign in which operators used quality code and a broad spectrum of malicious websites and applications covering almost every possible category. Zimperium notified Google of the offending apps; while the company removed them from the Play Store, they can still be downloaded from third-party app stores.
This is not the first time that this type of attack has targeted Android users. In 2018, mobile security and data management company Wandera found a similar piece of malware that could send SMS messages to premium services, among other things. And judging by the sophistication present in the GriftHorse campaign, the operators have likely been doing this for a long time.