GriftHorse: The Android Trojan Stealing Millions of Dollars from Users

Millions of Android devices in over 70 countries have been affected by a newly discovered mobile campaign in which Android apps subscribe users to premium services costing €36 (₦18,000) per month without their knowledge.

Zimperium zLabs has dubbed the trojan “GriftHorse”. It is said to be a money-making scheme that has been under active development since November 2020, with victims spread across China, Canada, France, Germany, India, the UK and the U.S.

 

Well over 300 Trojan applications were used, making it one of the most widespread scams to have been uncovered in 2021. The malicious apps cater to a varied set of categories ranging from Tools and Entertainment to Lifestyle and Dating, thus widening the scale of the attacks, with some of the apps amassing as many as 400,000 downloads.

It is a common technique for scammers to adopt phishing as a mode of attack, but this scam has hidden behind malicious Android applications acting as Trojans, thus allowing it to take advantage of user interactions for increased spread and infection, said Aazim Yaswant of Zimperium zLabs.

“These malicious Android applications appear harmless when looking at the store description and requested permissions, but this false sense of confidence changes when users get charged month over month for the premium service they get subscribed to without their knowledge and consent.”

GriftHorse does not exploit flaws in the Android OS. Instead, it relies on social engineering to get users to subscribe their phone numbers to premium SMS services after downloading the apps.

Upon successful infection, victims are bombarded with deceptive alerts promising a free “GIFT” that, when clicked, redirects them to a geo-specific webpage where they are asked to submit their phone numbers for verification. In reality, the victims are unknowingly submitting their phone number to a premium SMS service that starts charging their phone bill over €30 per month.

Following disclosure to Google, the apps have been taken off the Play Store, but they continue to be available on untrusted third-party app repositories, once again underscoring the risks associated with sideloading arbitrary applications and how they can emerge as an intrusion route for malware. The GriftHorse Android Trojan takes advantage of small screens, local trust and misinformation to trick users into downloading and installing these Android Trojans.

Always be careful when downloading applications and giving out personal information, both online and offline – SlyTech.
