We use your sign-up to provide content in ways you’ve consented to and to improve our understanding of you. This may include adverts from us and 3rd parties based on our understanding. You can unsubscribe at any time. More info
Android users are being warned of a fresh threat that has already cost millions of phone users huge sums of cash. The new alert comes via the security team at Zimperium who discovered a vicious new type of malware called GriftHorse. It’s thought this bank account-raiding bug has already managed to infect millions of devices with it then signing up unsuspecting users to expensive monthly subscriptions without their permission.
The GriftHorse Trojan uses a well-known tactic to infiltrate devices with it hidden inside apps that appear pretty harmless. Once installed it then sets about bombarding users with alerts letting them know they have won a prize and need to claim their winning immediately.
These endless pop-ups reappear no less than five times per hour which often leads the phone user into accepting the cash just to stop the constant alerts.
Zimperium says that, upon accepting the invitation for the prize, the malware redirects the victim to a geo-specific webpage where they are asked to submit their phone numbers for verification.
But in reality, they are submitting their details to a premium SMS service that then starts charging their phone bill €30 (£25) per month.
Nearby Share: Android explain how users can use new feature
The victim does not immediately notice the impact of the theft, and the likelihood of it continuing for months before detection is high, with little to no recourse to get the money back.
It’s thought the tactic has already led to hundreds of millions of Euros being stolen.
Google has now been informed of the infected apps and banned them from the Play Store but it’s vital that you check your device and remove any applications from the list which can be found here.
Here are a few of the most popular apps that have been infected with the GriftHorse Trojan.
• Handy Translator Pro • 1 million downloads
• Heart Rate and Pulse Tracker • 500,000 downloads
• Bus – Metrolis 2021 • 500,000 downloads
• Fingerprint Changer • 500,000 downloads
• Bus Driving Simulator • 500,000 downloads
• OFFRoaders – Survive • 500,000 downloads
• Amazing Video Editor • 500,000 downloads
• Horoscope : Fortune • 100,000 downloads
• PhoneControl Block Spam Calls • 100,000 downloads
• SnapLens – Photo Translator • 100,000 downloads
Speaking about the threat, Zimperium said in a post on its blog: “With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals targeting these endpoints for financial crimes. Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros. While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as Trojans, allowing it to take advantage of user interactions for increased spread and infection.”
Source: Read Full Article