Android trojan steals millions from Android users

Android trojan steals millions from Android users just by clicking a message

Any Android phone user is aware that randomly clicking and downloading links from unclear origins might lead to malware installation. But no matter how careful a user is, someone is still going to fall for those scams.


However, this recent scam, which has been brewing since late 2020, still has many Android users fooled. Not even the most tech-savvy users can escape its wrath.

Now, hackers are targeting over 2.5 billion Android users from around the globe.

Mind you, these hackers have already managed to steal millions of dollars through victims' phone bills with just a single click on what seems to be a harmless message.

Next time, be careful what messages you say “yes” to. You might end up losing hundreds of dollars.


GriftHorse trojan has stolen millions from Android users

Recently, a group of hackers has launched a major scamming campaign using Google’s Play Store. Researchers from a mobile security company were able to report it on September 29th.

Zimperium discovered the GriftHorse trojan, an aggressive mobile premium services campaign that was responsible for stealing hundreds of millions of dollars from Android users.

Typical premium service scams take advantage of phishing techniques, but not this one.

GriftHorse hides behind malicious Android applications acting as trojans, which allows it to take advantage of user interactions for increased infection and wider spread.


Scammers behind this trojan are looking to steal from Android users through over 200 seemingly innocuous apps that are available in the Play Store.

So, what happens when these malicious apps get downloaded by unsuspecting users?

Once one of these malicious apps was downloaded, a message would pop up to notify the user that they had apparently won a prize, and it would prompt them to enter their phone number to claim it.

But instead of a hefty prize, the hackers were having Android users submit their phone numbers to an SMS service that charged their phone bill at around $42 per month.

"Forensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020," according to Zimperium.

Because of that, some of the first victims may have already been charged more than $400 at this point. And if they have not realized this yet, they should report it to their SIM operator to remove this fraudulent service.

Millions of Android users have already fallen victim


According to Zimperium, over 10 million Android users around the globe are estimated to have already fallen victim to this trojan.

"The campaign is exceptionally versatile, targeting mobile users from 70-plus countries by changing the application's language and displaying the content according to the current user's IP address," says Zimperium.

The security company added that GriftHorse has also likely been able to steal and accumulate hundreds of millions of dollars from these victims so far.

Furthermore, the company confirmed that “the cumulative loss of the victims adds up to a massive profit for the cybercriminal group.”

Malicious apps have already been removed from the Play Store, says Google

Thankfully, Google said that these malicious apps have already been removed from the Play Store.

Zimperium listed some of the app names that were used by the hackers. At first glance, they all seem normal and harmless, having names such as “Scanner App Scan Docs & Notes,” “Amazing Video Editor,” “Daily Horoscope & Life Palmestry,” and more.

But the security company went on to warn users that these apps might still be available through third-party app stores. This means that Android users can still easily download these apps and be exploited by these hackers.
