Security News > 2021 > September > Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users

Beware! This Android Trojan Stole Millions of Dollars from Over 10 Million Users
2021-09-29 22:24

A newly discovered "Aggressive" mobile campaign has infected north of 10 million users from over 70 countries via seemingly innocuous Android apps that subscribe the individuals to premium services costing €36 per month without their knowledge.

Zimperium zLabs dubbed the malicious trojan "GriftHorse." The money-making scheme is believed to have been under active development starting from November 2020, with victims reported across Australia, Brazil, Canada, China, France, Germany, India, Russia, Saudi Arabia, Spain, the U.K., and the U.S. No fewer than 200 trojan applications were used in the campaign, making it one of the most widespread scams to have been uncovered in 2021.

"While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as Trojans, allowing it to take advantage of user interactions for increased spread and infection," Zimperium researchers Aazim Yaswant and Nipun Gupta said in a report shared with The Hacker News.

"These malicious Android applications appear harmless when looking at the store description and requested permissions, but this false sense of confidence changes when users get charged month over month for the premium service they get subscribed to without their knowledge and consent."

Like other banking trojans, GriftHorse does not exploit flaws in the Android operating system, but rather socially engineers users into subscribing their phone numbers to premium SMS services upon downloading the apps.

"Overall, GriftHorse Android Trojan takes advantage of small screens, local trust, and misinformation to trick users into downloading and installing these Android Trojans, as well frustration or curiosity when accepting the fake free prize spammed into their notification screens," Yaswant and Gupta concluded.


News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/b3GTN46Tr84/beware-this-android-trojan-stole.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Android 4 0 17 2 0 19