A newly discovered “aggressive” mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 (~$42) per month without their knowledge.
Zimperium zLabs dubbed the malicious trojan “GriftHorse.” The money-making scheme is believed to have been under active development starting from November 2020, with victims reported across Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain, the U.K., and the U.S.
No fewer than 200 trojan applications were used in the campaign, making it one of the most widespread scams to have been uncovered in 2021. What’s more, the malicious apps catered to a varied set of categories ranging from Tools and Entertainment to Personalization, Lifestyle, and Dating, effectively widening the scale of the attacks. One of the apps, Handy Translator Pro, amassed as much as 500,000 downloads.
“While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as Trojans, allowing it to take advantage of user interactions for increased spread and infection,” Zimperium researchers Aazim Yaswant and Nipun Gupta said in a report shared with The Hacker News.
“These malicious Android applications appear harmless when looking at the store description and requested permissions, but this false sense of confidence changes when users get charged month over month for the premium service they get subscribed to without their knowledge and consent.”
images from Hacker News