Android-wanware GriftHorse besmet oor 10 miljoen toestelle

Helga SmithOktober 1, 2021Laas opgedateer: Oktober 1, 2021
1 minuut gelees

Zimperium experts ontdek het Android-wanware GriftHorse, wat sedert November aktief is 2020 and subscribes its victims to paid SMS services. It has already infected more than 10 million devices in 70 countries around the world, and GriftHorse operators are believed to “earn” between $ 1.5 million and $ 4 million a month.

The versions of GriftHorse noticed by experts were distributed through the official Google Play application store and third-party application catalogs, as a rule, masking as other harmless applications.

If the user installs such an application, GriftHorse begins to bombard him with pop-ups and notifications, which offer various prizes and special offers. If the victim clicks on one of these notifications, it is are redirected to a page where they are asked to verify their phone number, ostensibly to access the offer.

In werklikheid, here users subscribe to paid SMS services, the cost of which sometimes exceeds 30 euros per month. This money ends up going into the pockets of the GriftHorse operators.

Subscribe to paid SMS service

Cimperium researchers, who tracked the malware for several months, write that this isone of the largest campaigns witnessed by the zLabs team in 2021.

It is emphasized that the creators of GriftHorse have worked hard to improve the quality of their malicious code, and use a wide range of sites, malicious applications and developer personalities to avoid detection.

The level of sophistication, the use of new techniques and the determination shown by the attackers allowed them to go unnoticed for several months. In addition to using a large number of applications, their distribution was very well planned: applications were distributed in many different categories, expanding the circle of potential victims, experts write. – This campaign has been actively developed for several months starting in November 2020 and the last update is dated April 2021. This means that one of their first victims, if she has not yet turned off the fraudulent subscription, has already lost more than € 200 at the time of writing [this report].

Distribution of infected applications by category
Distribution of infected applications by category

A list of over 200 applications infected with GrifThorse can be found at the end of the researchersverslag.

Let me remind you that I also talked about the fact that Doctor Web ontdek het a new family of banking Trojans for Android named Android.BankBot.Coper (hereinafter Coper).

Merkers
Helga SmithOktober 1, 2021Laas opgedateer: Oktober 1, 2021
1 minuut gelees

Helga Smith

Ek het altyd in rekenaarwetenskap belanggestel, veral datasekuriteit en die tema, wat deesdae genoem word "data wetenskap", sedert my vroeë tienerjare. Voordat u as hoofredakteur in die virusverwyderingspan kom, Ek het as 'n kuberveiligheidskenner in verskeie maatskappye gewerk, insluitend een van Amazon se kontrakteurs. Nog 'n ervaring: Ek het onderrig in Arden en Reading universiteite.

Los 'n antwoord

Jou e-posadres sal nie gepubliseer word nie. Vereiste velde is gemerk *

Hierdie webwerf gebruik Akismet om strooipos te verminder. Leer hoe jou opmerkingdata verwerk word.

Terug na bo-knoppie