Zimperium experts have discovered Android malware GriftHorse, which has been active since November 2020 and subscribes its victims to paid SMS services. It has already infected more than 10 million devices in 70 countries around the world, and GriftHorse operators are believed to “earn” between $ 1.5 million and $ 4 million a month.
The versions of GriftHorse noticed by experts were distributed through the official Google Play application store and third-party application catalogs, as a rule, masking as other harmless applications.
If the user installs such an application, GriftHorse begins to bombard him with pop-ups and notifications, which offer various prizes and special offers. If the victim clicks on one of these notifications, it is are redirected to a page where they are asked to verify their phone number, ostensibly to access the offer.
In fact, here users subscribe to paid SMS services, the cost of which sometimes exceeds 30 euros per month. This money ends up going into the pockets of the GriftHorse operators.
Zimperium researchers, who tracked the malware for several months, write that this is “one of the largest campaigns witnessed by the zLabs team in 2021.”
It is emphasized that the creators of GriftHorse have worked hard to improve the quality of their malicious code, and use a wide range of sites, malicious applications and developer personalities to avoid detection.
Distribution of infected applications by category
Let me remind you that I also talked about the fact that Doctor Web has discovered a new family of banking Trojans for Android named Android.BankBot.Coper (hereinafter Coper).