Website-Icon DED9

GriftHorse malware has infected more than 10 million Android devices

GriftHorse malware has infected more than 10 million Android devices

An Android malware called GriftHorse has stolen millions of dollars from its victims through Play Store apps.

Google has always tried to clean the Play Store from infected applications, But it has not had much success in this area. The company is constantly removing infected apps, and in a recent effort removed about 200 apps in various categories from the Play Store, all of which were infected with the HorseReader malware. The trojan has infected more than 10 million Android devices so far.

According to statistics, Android is up to 47% more vulnerable to malware than iOS due to its open-source nature; But Apple has also recently performed poorly in the security of its mobile operating system. Of course, there is no denying that the Android platform is a more attractive option for malware developers, and these people take every opportunity to release the infected application in the Google mobile ecosystem.

According to research by Zimperium Zilebes, a new Android trojan called Grifthorse has been included in more than 200 applications in various categories, all of which have been approved and published in the Play Store as well third-party stores. The malware has infected more than 10 million Android devices in 70 countries and stolen tens of millions of dollars from its victims.

The GriftHorse Threat Actors

The GriftHorse campaign is one of the most widespread campaigns the zLabs threat research team has witnessed in 2021, attributing its success to the rarely seen combination of features:

The level of sophistication, use of novel techniques, and Also determination displayed by the threat actors allowed them to stay undetected for several months.

In addition to a large number of applications, the distribution of the applications was extremely well-planned, spreading their apps across multiple, varied categories, widening the range of potential victims.

All apps infected by GriftHorse

And many other apps that are infected by GriftHorse …

The researchers explained in their report that the Griffiths campaign was active from November 2020 to April 2021

When people install one of these infected apps on GridHorse, the malware will display a large number of pop-up notifications and pop-ups, which include special discounts and various rewards. People who tap on these announcements and messages will be taken to a web page and will have to register and then confirm their mobile number to access the prizes and discounts.

The victims of the Griffiths will, in effect, subscribe to a paid subscription service for which they will have to pay $ 35 a month. The malware makers have made between $ 1.5 million and $ 4 million a month using this method. Thus, the first victims of this trojan, if they had not stopped using it, would probably have lost more than $ 230.

Two great Zimpurium researchers, Yashwant and Nippon Gupta point out that GridHorse is a sophisticated malware campaign

And its developers have used high-quality code and various infected websites and applications to publish their applications in most categories. Also, Zimperium has notified Google of the malware, and the company has removed infected applications from its software store. Of course, it is still possible to download infected apps in third-party stores.

Conclusion

The numerical stats reveal that more than 10 million Android users fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and motivated with time. And while the victims struggle to get their money back, the cybercriminals made off with millions of Euros through this technically novel and effective Trojan campaign. Also, This is not the first time such an attack has occurred on Android. In 2018, security company Vandra discovered a similar malware that sent text messages to paid services. Given the complexity of the Griffiths campaign, So it seems that the developers of this malware have been spreading it for a long time.

 

Die mobile Version verlassen