Discovered by mobile security firm Zimperium, the GriftHorse malware subscribes users to premium SMS services, and has been at it since at least November 2020.
In a joint blog post, Zimperium researchers Aazim Yaswant and Nipun Gupta describe GriftHorse as one of the “most widespread campaigns” they’ve tracked this year.
The duo estimate that the malware would have helped the gang mint “hundreds of millions of Euros.”
The researchers note that the malware is distributed through benign-looking apps that are listed on the official Google Play Store as well as on third-party Android app stores.
When installed, the malware inundates users with fraudulent pop-ups and notifications offering fake prizes and special offers. If a user clicks on a notification, they’ll be asked to enter their phone number to claim their winnings, inadvertently subscribing to expensive premium SMS services.
What makes the GriftHorse campaign really effective, though, is the amount of work its developers have invested in polishing the malware’s code quality. To further its reach, the researchers point out, the threat actors behind the malware have made a conscious effort to distribute it across a well-thought-out spread of apps.
“The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months,” note the researchers.
Zimperium brought the campaign to Google’s notice, and the infected apps have since been zapped from the Play Store.