According to a new report from the mobile security firm Zimperium, over 10 million Android smartphone users have been affected by a new piece of malware. The malware, which goes by the name GriftHorse, has reportedly affected millions of Android mobile users globally, including in India. It targeted Android users via third-party applications, which have now been removed from the Play Store.
Infected apps removed from Play store
According to the mobile security firm, the threat group has been running the campaign since November last year. The GriftHorse malware has reportedly been distributed to Android mobile devices via Google Play and third-party application stores.
Some of these infected apps include Handy Translator Pro, Heart Rate and Pulse Tracker, Geospot: GPS Location Tracker, iCare – Find Location, and My Chat Translator.
The researcher states that users in India are also affected by the malware. Zimperium notes that it contacted Google about the GriftHorse-infected apps and the tech giant later removed them all from the Play Store.
GriftHorse malware: Explained
The GriftHorse malware has stolen “hundreds of millions of Euros” from affected users. The blog post states that the malware was disguised within the code of several apps and, in the process, tricked users into clicking on suspicious links. These links ensured that the money stolen from users was redirected to the fraudster’s accounts.
The Zimperium blog post reveals that the malware did not affect users right away. It reportedly tricked them, eventually, into subscribing to premium services without their knowledge or consent. The campaign is said to have targeted millions of users in more than 70 countries.
The campaign was reportedly distributed in local languages, which led to a higher success rate when compared to other similar malware incidents. Researchers also claimed that GriftHorse sent sophisticated popups and notifications promising alluring prizes and special offers.
On tapping these notifications, users were redirected to an online page that asked for some details, such as a phone number, to claim the offer. By entering their mobile number, users subscribed themselves to special and premium SMS services that charge a huge amount of money.