A newfound Android Trojan has reportedly stolen millions of Euros from over 10 million Android smartphone users globally, reveals a new report by security research team Zimperium zLabs. The damage could be in the hundreds of millions of Euros.
GriftHorse — as named by Zimperium zLabs — is a Trojan attack that uses malicious Android OS apps to take advantage of user interactions and trick them into signing up for a hidden premium service.
Upon infecting an Android smartphone, the Trojan starts sending alert pop-ups about a fictional prize. These pop-ups reappear roughly five times an hour until the user taps the notification to accept the offer. The malware then redirects the victim to a geo-specific webpage where they’re asked to leave their phone number for verification.
In turn, the page uses that phone number to submit it to a premium SMS service that charges the owner over 30 Euros every month. GriftHorse has targeted users in over 70 countries.
How to avoid these malicious GriftHorse apps?
According to the research team, GriftHorse attacks began around November 2020 through malicious apps that were initially distributed through the Google Play Store as well as other third-party app stores.
The good news is that Google is aware of the problem and has already removed the malicious apps from the Play Store. The problem, however, is that malicious GriftHorse apps still exist on third-party websites and unsecured repositories. So if you are going to side-load an app, at least make sure you obtained it from a reputable source.
Now that the GriftHorse malware was publicly disclosed, it’s likely that Google and other store owners already took action against it, so you probably need not worry about your phone’s security when downloading apps from the Google Play Store or the Galaxy Store. But as always, you should be making sure that your Galaxy device has the latest security patch available.
Previously, Zimperium zLabs discovered one of the “most sophisticated” Android malware that was distributed through a malicious app called “System Update.”