Earlier in the week, researchers discovered a piece of malware that could affect millions of Android phone owners in over 70 countries.
Researchers at the mobile security company Zimperium found that the malware, called “GriftHorse”, has been installed on more than 10 million Android devices.
GriftHorse is particularly dangerous because it tricks users into granting permissions that allow cybercriminals to add monthly paid subscription charges to their accounts without their knowledge. Zimperium has published a list of the affected apps.
According to the zLabs team at Zimperium, the malware is delivered to the user through malicious Android apps. Although the apps appear harmless on the surface, once installed they trick the user into granting permissions, so that the user is charged for services each month without consent.
Charging for these premium paid services can be a highly profitable business. The researchers estimate that the groups behind GriftHorse are making between $1.5 million and $4 million per month.
As Zimperium researchers Aazim Yaswant and Nipun Gupta explain, “Upon infection, the victim is bombarded with alerts on the screen letting them know they had won a prize and needed to claim it immediately.
These pop-ups reappear no less than five times per hour until the application user successfully accepts the offer. Upon accepting the invitation for the prize, the malware redirects the victim to a geo-specific webpage where they are asked to submit their phone numbers for verification.
But in reality, they are submitting their phone number to a premium SMS service that would start charging their phone bill over €30 [$40 USD] per month.
The victim does not immediately notice the impact of the theft, and the likelihood of it continuing for months before detection is high, with little to no recourse to get one’s money back.”
So, what happens next? For now, Google has been warned about the threat and has responded by identifying and removing the malicious apps from its Play Store. But it is still unclear whether some of the apps remain available on third-party app stores for Android phones.