
‘GriftHorse’ Android malware runs over 10 million victims using 200+ apps

Security researchers Aazim Yaswant and Nipun Gupta at mobile security firm Zimperium have discovered new malware, called GriftHorse, that was distributed through malicious apps on the Google Play Store and third-party app stores. The malware has been active since November 2020 and has infected over 10 million Android devices across at least 70 countries.

Once one of these infected apps is installed, the user is spammed with popups and notifications offering various prizes and offers. When users tap these notifications, they are taken to a page asking them to confirm their phone number under the pretext of claiming the offer.

Instead, the users are duped into subscribing to a premium SMS service that charges $35 monthly, with the money going to the attackers. The researchers who discovered the malware describe it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.”

Another novel virus

Based on the researchers’ findings, the malware operators are making anything from $1.5 to $4 million per month. The malware’s authors also invested heavily in code quality, using several different attack vectors, including numerous websites, apps and developer personas, to infect as many people as possible while avoiding detection.

A map showing all infected countries | Source: Zimperium

According to Yaswant and Gupta, “the level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months.”

Not only was the malware propagated through a large number of apps (over 200, to be precise), but these apps were also spread across numerous categories on the Play Store to widen the pool of victims further. Some of these apps have over a million downloads.

Some of the most popular apps include Handy Translator Pro, Heart Rate and Pulse Tracker, Geospot: GPS Location Tracker, iCare – Find Location, My Chat Translator and Bus — Metrolis 2021. All these apps have a minimum of 100,000 downloads. You can check out the complete app list here.

Screenshots of the fake notifications and phone number verification screens | Source: Zimperium

These apps were last updated in April 2021. Considering the scam started in November 2020, the first victims have been scammed out of over $230 by now. With the overall number of victims currently above 10 million, the overall profit to the scammers is huge.

Zimperium reported that it had contacted Google about the infected apps in question, and all 200 of them have been removed from the Play Store.
