The malware, called GriftHorse, infected over 10 million users.
Google is trying to keep malicious apps out of the Play Store and is constantly working to remove them. The most recent takedown covers 200 apps across multiple categories that were used to spread the GriftHorse malware to more than 10 million victims.
According to researchers at Zimperium zLabs, a new Android trojan named GriftHorse has been embedded in at least 200 confirmed malicious apps on the Google Play Store and some third-party app stores. To date, the malware's operators have managed to infect more than 10 million Android devices in over 70 countries and steal tens of millions of dollars from their victims.
In their report, the researchers said that the malware campaign was active from at least November 2020 to April 2021. When a user installs any of the malicious apps, the malware generates numerous notifications and pop-ups that lure people with special discounts or various rewards. People who tap them are taken to a web page where they are asked to confirm their phone number to access the promotion.
In reality, victims are subscribing to premium SMS services that charge over $35 per month. It’s estimated that the malware’s operators earned anywhere from $1.5 million to $4 million a month through this scheme, with their first victims likely to have lost more than $230 if they didn’t stop the scam.
Zimperium researchers Aazim Yaswant and Nipun Gupta state that this is an advanced malware campaign in which the operators use quality code and a wide range of websites and malicious applications that cover almost every possible category. Zimperium has notified Google about the offending apps. Although the company has removed them from the Play Store, they can still be downloaded from third-party app stores.