The malicious apps have since been removed from the Store. However, there is still a chance that the Trojans will appear in new ones.
Zimperium Security Corporation I showed A Trojan horse that has been circulating for months in stores with apps like Google Play. He registered his victims for premium SMS services. It is estimated that it can infect up to 10 million Android devices in 70 countries, including Slovakia.
The malware, nicknamed GriftHorse, first appeared in November last year. So far, it’s hidden in over 200 apps, about half of which fall into the “Tools” category. It features popups that prompt the user to win the lottery.
This misleading message is displayed at least five times per hour until the victim decides to click on it. The malware will then prompt you to enter your phone number for verification. However, in fact, he registered it with a premium service using the number entered, which charges more than 30 euros per month.
The last release of this Trojan dates back to April 2021. It is estimated that it may have caused damages of hundreds of millions of euros during that period. According to researchers, this is one of the most popular campaigns this year.
But they don’t know the full scope of the campaign. The developers of GriftHors have implemented several avoidance mechanisms in it, which prevented it from being discovered. For example, they did not use the same strings in malicious code, and depending on the user’s IP address, they changed the language of the notification and joined different domains. Therefore, no antivirus software detects it.
Although fraudulent apps have been reported and removed from Google Play for now, they may still be on third-party stores. In addition, the researchers warn that the Trojan is still under development, and therefore does not rule out the emergence of new applications.
“Analyst. Total tv trailblazer. Bacon fanatic. Internet fanatic. Lifelong beer expert. Web aficionado. Twitter buff.”