A recently discovered “robust” mobile campaign has infected 10 million users in more than 70 countries through seemingly harmless Android apps, whose users are inadvertently subscribed to premium services that cost €36 ($42) per month.
Zimperium zLabs has dubbed the Trojan malware GriftHorse. The money-making scheme is believed to be in active development as of November 2020, with victims reported in Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain and the United Kingdom.
At least 200 Trojan apps were used in the campaign, making it one of the most widespread scams discovered in 2021. Moreover, the malicious apps span a variety of categories, ranging from tools and entertainment to personalization, lifestyle and dating. One app, Handy Translator Pro, has amassed up to 500,000 downloads.
“While typical premium service scams exploit phishing techniques, this specific global fraud hides behind malicious Android apps that act as Trojans, allowing them to take advantage of user interactions to increase prevalence and infection,” the researchers said in a joint report with The Hacker News.
“These malicious Android apps look harmless when you look at the store description and required permissions, but this false sense of trust changes when users are billed monthly for the premium service they subscribe to without their knowledge and consent.”
Like other banking Trojans, GriftHorse does not take advantage of flaws in the Android operating system, but rather socially engineers users into registering their phone numbers with premium SMS services while downloading apps.
After a successful infection, victims are bombarded with scam alerts promising them a free “gift” which, when clicked, redirects them to a geo-specific web page where they are asked to provide their phone numbers for verification. “But they are in fact providing their phone number for a premium SMS service that will start charging the phone for more than 30 euros per month,” the researchers said.
After the official disclosure by Google, the apps were deleted from the Play Store. But they are still available in untrusted third-party app repositories, once again highlighting the risks associated with sideloading random apps and how they can serve as a path for malware.
“In general, the GriftHorse Android Trojan takes advantage of small screens, local trust, and misinformation to trick users into downloading and installing Android Trojans, as well as frustration or curiosity when accepting a free bogus prize that is sent to their notification screens,” he said.