A large malware campaign has infected more than 10 million Android devices in more than 70 countries. The campaign is probably responsible for the theft of a huge amount of money, because the applications that spread the malware register victims in subscription services without their knowledge. Malicious Android applications that managed to get into the Google Play Store distributed the GriftHorse malware, which was discovered by researchers at Zimperium zLabs.
This malware campaign was active for about five months, between November 2020 and April 2021.
GriftHorse was delivered to victims through 200 trojanized Android applications that had made it into Google's official store (the Play Store) as well as third-party application stores.
While Google removed the applications once it was notified of their malicious nature, they are still available for download from third-party stores.
According to the researchers, the criminals could have stolen millions through the subscriptions that victims paid every month without knowing it.
The criminals used the GriftHorse malware to infect their victims and subscribe them to premium services in order to take their money.
The 200 trojanized Android applications went undetected by the vast majority of anti-malware vendors and avoided detection for months while the GriftHorse campaign was active.
The researchers also observed that the 200 applications belonged to different categories to "hit" as many victims as possible.
Once installed on a victim's phone, these malicious applications were able to access the mobile phone number and use it to register unsuspecting victims for premium SMS services that charge more than 30 euros per month on their phone bills.
Researchers estimate that more than 10 million Android users have been affected by malicious apps on the Google Play Store and elsewhere, and that hundreds of millions of euros have been stolen.
Android malware: The stolen money is almost impossible to recover
Victims who did not realize it immediately (most likely those who made recurring payments through their bank accounts) paid for months, and unfortunately have little chance of getting their money back.
"Statistics reveal that more than 10 million Android users worldwide fell victim to this campaign, losing a lot of money, while the threat group became richer and more motivated over time".
The full list of all trojanized applications used in the GriftHorse campaign is available at the end of the Zimperium report.
Source: Bleeping Computer