Over 10 million Android devices in more than 70 countries have reportedly been infected in a large-scale malware campaign that deceives victims into subscribing to many expensive paid services. The GriftHorse trojan is the malware used in the campaign, which has now been active for about five months.
Android devices infected with the GriftHorse trojan are subscribed to expensive premium services, allowing threat actors to pocket millions, according to the analysis.
The GriftHorse trojan has spread worldwide through more than 200 trojan-infected Android apps on the Google Play Store. The malware is still available from third-party app stores, even though it was removed from the Google Play Store the moment the firm was alerted.
During the GriftHorse campaign, about 200 trojanized Android applications evaded many anti-malware vendors for several months. Aside from publishing numerous apps, the campaign's developers also distributed the trojanized applications across different categories to infect more victims.
The trojanized apps can gain access to the mobile number of the infected Android device and use it to present victims with gift and prize alerts. Victims who fall into the trap are automatically subscribed to premium services that add expensive recurring charges to their bills.
Retrieval of stolen money almost impossible for victims, research says
For victims who did not notice for a long time that their Android device was infected, the fees charged against them have little to no chance of being recovered. Researchers explain that victims placed on recurring payments from their bank accounts have fewer options to get their money back because of the cumulative loss over time.
According to the statistics, the GriftHorse campaign has infected over 10 million Android users worldwide. The campaign's duration and accumulated profit have given the threat actors substantial wealth and the motivation to continue.
While many victims around the world try to recover the money lost to the premium service subscriptions, the threat actors continue to profit.