An Android Trojan campaign has been charging unsuspecting victims around €36 (£31) per month since at least November 2020, researchers have found.
Known as GriftHorse, the Trojan masquerades under seemingly innocent Android applications such as puzzle games, educational software, dating apps, as well as a translator that had garnered more than 500,000 downloads alone.
The GriftHorse campaign was developed using the Apache Cordova mobile application development framework, which allows developers to use HTML5, CSS3, and JavaScript for cross-platform mobile development. However, the technology also makes it possible for the developers to deploy updates to apps without requiring users to update the app manually.
Although oftentimes useful for quick fixes, this capability can also be abused to host malicious code on the server as well as execute it in real-time.
Once an app was downloaded, victims were asked to verify their identity using an SMS code which, in reality, subscribed them to being charged around €36 (£31) per month through their phone bill. Many of the affected users failed to notice the theft for the first few months, and were only able to stop the unsolicited payments by contacting their mobile network provider.
This means that, as of today, some 10 million victims from over 70 countries, including the UK, could have lost €360 (£310) each to cyber criminals.
RELATED RESOURCE
The business value of running applications on VMware Cloud on AWS in VMware Hybrid Cloud Environments
An IDC study on the benefits of VMware Cloud
Researchers from mobile security company Zimperium zLabs reported the Trojan to Google earlier this year, which in turn removed the malicious applications from the Google Play store. It's likely that the last payment will have been taken in April 2021, when the campaign was last reported active.
Zimperium’s researchers believe that the malicious apps “are still available on unsecured third-party app repositories” and continue to place Android users at risk.
It also highlights “the risk of sideloading applications to mobile endpoints and user data”, as well as the need for “advanced on-device security”, according to Zimperium researchers Aazim Yaswant and Nipun Gupta.
Android users should verify the identity of the apps they wish to download and conduct an assessment provided by Zimperium, the researchers have warned.
“[The] GriftHorse Android Trojan takes advantage of small screens, local trust, and misinformation to trick users into downloading and installing these Android Trojans, as well frustration or curiosity when accepting the fake free prize spammed into their notification screens,” said Yaswant and Gupta.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
The worst Google scams and how to avoid themIn-depth Google provides a vast amount of knowledge at your fingertips, but scammers lie in wait if you search for the wrong thing
-
Dropper RealShell shows malware devs are getting smarterNews The Android Trojan dropper can avoid existing defences to install malicious files on Android devices
-
Android app strips personal dataNews Trojan wallpaper app signals a rising mobile data threat
-
New Mac trojan disguises itself like Space InvadersNews Video games, malware and Macs clash head on with a new trojan that runs a game which deletes files by killing aliens.
-
Could Hotmail password theft be due to a trojan?News A researcher says there is evidence that not all of the Gmail and Hotmail account passwords were taken as a result of phishing.
-
Could AVG start working on the Apple Mac platform?News Does AVG, well known for its free security software product, look to provide Apple anti-virus?
-
Warning to watch out for infected Windows 7News Tried to download Microsoft Windows 7 off a torrent site? You may have downloaded malware to go with it.
-
Second trojan found in pirated Mac softwareNews Another trojan is planted in a program to take advantage of computer users downloading pirated copies of Adobe Photoshop CS4.
