Skip to main content

Millions of Android phones infected with this dangerous new malware

app security
(Image credit: Shutterstock.com)

Security researchers have shared details about a malware strain that has reportedly infected over 10 million Android devices across more than 70 countries. 

Discovered by mobile security firm Zimperium, the GriftHorse malware subscribes users to premium SMS services, and has been at it since at least November 2020.

In a joint blog post, Zimperium researchers Aazim Yaswant and Nipun Gupta, describe GriftHorse as one of the “most widespread campaigns” they’ve tracked this year.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> Click here to start the survey in a new window <<

The duo estimate that the malware would have helped the gang mint “hundreds of millions of Euros.”

Sophisticated malware

The researchers note that the malware is distributed through benign-looking apps that are listed on the official Google Play Store as well as on third-party Android app stores.

When installed, the malware will inundate the users with fraudulent pop-ups and notifications handing out fake prizes and special offers. If a user clicks on the notification, they’ll be asked to enter their phone numbers to claim their winnings, inadvertently subscribing to expensive premium SMS services.

What makes the GriftHorse campaign really effective though is the amount of work its developers have invested in polishing the malware’s code quality. To further its reach, the researchers point out that the threat actors behind the malware have put in conscious effort to distribute it across a well-thought of spread of apps.

“The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months,” note the researchers.

Zimperium brought the campaign to Google’s notice, and the infected apps have since been zapped from the Play Store.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.