Security researchers Aazim Yaswant and Nipun Gupta at mobile security firm Zimperium have discovered a new malware called GriftHorse was distributed using malicious apps on the Google Play Store and third-party app stores. The malware has been active since November 2020 and has infected over 10 million Android devices across at least 70 countries.
Once any such infected apps are installed, the user gets spammed with popups and notifications offering various prizes and offers. Once users tap these notifications, they’re taken to a page to confirm their phone number under the pretext of availing the offer.
Instead, the users get duped into subscribing to a premium SMS service that charges $35 monthly. This money gets sent to the attackers instead. The researchers who discovered the malware describe it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.”
In the News: Games are coming to Netflix subscriptions soon
Anotther novel virus
Based on the researchers’ findings, the malware operators are making anything from $1.5 to $4 million per month. The malware’s coders heavily invested in their code quality as well, using several different attack vectors, including numerous websites, apps and developer personas to infect as many people as possible while avoiding detection.
According to Yaswant and Gupta, “the level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months.”
Not only the malware was propagated using a large number of apps. Over 200 to be precise, these apps were also divided across numerous categories on the Play Store to widen the range of victims further. Some of these apps have over a million downloads.
Some of the most popular apps include Handy Translator Pro, Heart Rate and Pulse Tracker, Geospot: GPS Location Tracker, iCare – Find Location, My Chat Translator and Bus — Metrolis 2021. All these apps have a minimum of 100,000 downloads. You can check out the complete app list here.
These apps were last updated in April 2021. Considering the scam started in November 2020, the first victims have been scammed of over $230 by now. Considering the overall number of victims is over 10 million at the moment, the overall profit to the scammers is huge
Zimperium reported that it had contacted Google about the concerned infected apps, and all 200 of them have been removed from the Play Store.
In the News: Telegram bots can now steal your one-time passwords
Someone who writes/edits/shoots/hosts all things tech and when he’s not, streams himself racing virtual cars. You can reach out to Yadullah at firstname.lastname@example.org, or follow him on Instagram or Twitter.