
Android Trojan charges millions of victims €36 per month

Up to 10 million users across 70 countries are thought to have been affected

An Android Trojan campaign has been charging unsuspecting victims around €36 (£31) per month since at least November 2020, researchers have found.

Known as GriftHorse, the Trojan masquerades as seemingly innocent Android applications such as puzzle games, educational software and dating apps, as well as a translator that alone had garnered more than 500,000 downloads.

The GriftHorse campaign was developed using the Apache Cordova mobile application development framework, which allows developers to use HTML5, CSS3, and JavaScript for cross-platform mobile development. However, the technology also makes it possible for the developers to deploy updates to apps without requiring users to update the app manually.

Although often useful for quick fixes, this capability can also be abused to host malicious code on the server and execute it in real time.
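As an added illustration (not from the article or Zimperium's report), a defender reviewing a Cordova-based app can check its `config.xml` for settings that let server-hosted pages load inside the app's WebView. The sample config, the `.invalid` hostnames and the rule names are constructed for this example.

```python
import xml.etree.ElementTree as ET

WIDGET_NS = "{http://www.w3.org/ns/widgets}"

# Constructed sample config.xml (not taken from any GriftHorse app).
SAMPLE_CONFIG = """<widget xmlns="http://www.w3.org/ns/widgets" id="com.example.puzzle" version="1.0.0">
  <content src="https://updates.example.invalid/index.html" />
  <access origin="*" />
  <allow-navigation href="*" />
  <allow-navigation href="https://cdn.example.invalid/*" />
</widget>"""


def is_remote(url):
    """True when the start page is fetched from a server instead of the app bundle."""
    return url.lower().startswith(("http://", "https://"))


def is_wildcard(pattern):
    """True for "*" or a pattern whose host part is "*", e.g. "https://*/*"."""
    host = pattern.strip().lower().split("://", 1)[-1].split("/", 1)[0]
    return host == "*"


def audit_cordova_config(xml_text):
    """Return (rule, value) findings for settings that let remote content run in the WebView."""
    # For untrusted files, parse with a hardened XML parser instead of ElementTree.
    root = ET.fromstring(xml_text)
    findings = []
    for el in root.iter():
        tag = el.tag.replace(WIDGET_NS, "")
        if tag == "content" and is_remote(el.get("src", "")):
            findings.append(("remote-start-page", el.get("src")))
        elif tag == "allow-navigation" and is_wildcard(el.get("href", "")):
            findings.append(("wildcard-navigation", el.get("href")))
        elif tag == "access" and is_wildcard(el.get("origin", "")):
            findings.append(("wildcard-network-access", el.get("origin")))
    return findings


if __name__ == "__main__":
    for rule, value in audit_cordova_config(SAMPLE_CONFIG):
        print(f"{rule}: {value}")
```

A finding here means the app can change its behaviour after installation without a store update; it is a prompt for closer review, not proof of malicious intent.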

Once an app was downloaded, victims were asked to verify their identity using an SMS code which, in reality, signed them up to be charged around €36 (£31) per month through their phone bill. Many of the affected users failed to notice the theft for the first few months, and were only able to stop the unsolicited payments by contacting their mobile network provider.

This means that, as of today, some 10 million victims from over 70 countries, including the UK, could have lost €360 (£310) each to cyber criminals.


Researchers from mobile security company Zimperium zLabs reported the Trojan to Google earlier this year, which in turn removed the malicious applications from the Google Play store. It's likely that the last payment will have been taken in April 2021, when the campaign was last reported active.

Zimperium’s researchers believe that the malicious apps “are still available on unsecured third-party app repositories” and continue to place Android users at risk.

The campaign also highlights “the risk of sideloading applications to mobile endpoints and user data”, as well as the need for “advanced on-device security”, according to Zimperium researchers Aazim Yaswant and Nipun Gupta.

Android users should verify the identity of the apps they wish to download and conduct an assessment provided by Zimperium, the researchers have warned.

“[The] GriftHorse Android Trojan takes advantage of small screens, local trust, and misinformation to trick users into downloading and installing these Android Trojans, as well frustration or curiosity when accepting the fake free prize spammed into their notification screens,” said Yaswant and Gupta.
