X

New Android Trojan Stole Millions From Android Users

According to a report from Zimperium Labs, a new trojan known as ‘GriftHorse’ stole millions of Euros from Android users. It is reported that this Trojan hit around 10 million victims on a global scale.

The estimated value of stolen cash goes into hundreds of millions of Euros. Instead of using phishing to lure in users, this scam hid inside Android applications which acted as Trojans, basically.

New Android Trojan discovered, it stole millions of Euros from users

This Trojan was found in quite a few Android apps, which did seem harmless at first. Those apps then subscribed users to premium services without their knowledge, and stole cash from them.

This campaign has been in motion since November 2020, reports the source. The apps in question were distributed through the Google Play Store and third-party application stores. Zimperium Labs did notify Google of all this, and the company removed malicious apps from the Play Store.

Do note that those apps are still available in third-party stores, and app repositories, so be very careful what you download. In case you’re wondering what those apps are, a full list can be found in the images below, along with some additional information about them.

So, how did GriftHorse scam users, exactly? Well, users who installed the affected app, ended up being subscribed to premium services without their knowledge. As a result, they were charged around €36 a month.

GriftHorse was active in over 70 countries

GriftHorse targeted millions of users from over 70 countries. It was serving selective malicious pages to users based on the geo-location of their IP addresses. The scam was presented in their local language, which made it more plausible.

Users, of course, needed to share their information in order for this scam to work, and many of them did, it seems. Upon infection, users ended up being bombarded with alerts that they had won a prize, and needed to claim it.

Such pop-ups ended up showing up five times per hour, until the user accepted the offer. Once they accepted it, they were redirected to a geo-specific website where they were asked to submit their phone number, for verification purposes.

Why did GriftHorse want those phone numbers? Well, so that it can subscribe users to a premium SMS service that would charge them over €30 per month. It took some users months to notice the scam.

So, some user interaction is necessary for this scam to work, but it seems like it worked on a lot of users, as tons of Euros ended up being stolen.