For years, Google has attempted, with limited success, to keep malicious apps out of the Play Store. The company is working hard to eliminate these applications, and the most recent round of takedowns includes 200 apps from a wide range of categories that were used to infect over 10 million people with GriftHorse malware.
Apple has recently become lax in the iOS security department, despite adding fuel to the raging iOS vs. Android debate by claiming the latter mobile OS has 47 times more malware due to its openness to sideloading apps. Having said that, it’s difficult to argue that Android is more appealing to malware developers, who are prodding it at every opportunity.
New Android Trojan Malware
According to researchers at Zimperium zLabs, a new Android trojan known as GriftHorse has been embedded in over 200 malicious apps that have been approved for distribution through Google Play and a few third-party app stores. To date, the malware operators have infected over 10 million Android devices from more than 70 countries, stealing tens of millions of dollars from their victims.
The GriftHorse campaign was active from at least November 2020 until April 2021, according to the researchers’ report. When a user installs one of the malicious apps, GriftHorse generates a slew of notifications and popups that entice them with special discounts or various prizes. People who click on these are taken to a web page where they must confirm their phone number to gain access to the promotion.
In actuality, GriftHorse victims are paying for premium SMS services that cost more than $35 per month. GriftHorse operators are estimated to make between $1.5 million and $4 million per month from this scheme, and their first victims are likely to have lost more than $230 if the scam was not stopped.
Aazim Yaswant and Nipun Gupta of Zimperium note that this was a sophisticated malware campaign in which operators used quality code and a diverse range of websites and malicious apps that covered almost every possible category. After Google was notified of the illegal apps, they were removed from the Play Store; nonetheless, they are still available for download via third-party app stores.
It’s not the first time Android users have been targeted in this manner. Wandera, a mobile security and information management company, encountered a similar piece of malware in 2018 that could send SMS messages to premium services, among other things. And, based on the sophistication of the GriftHorse campaign, its operators have most likely been doing this for a long time.
This is not the first time we have encountered malware targeting Android devices. Recently, a security researcher found numerous zero-day vulnerabilities in the latest iOS 15 updates which allowed third parties access to users’ Apple ID, email, and other personal data that Apple guarantees it will protect. These incidents are a testament that tech companies are not doing enough to secure their users’ privacy. These companies need to take strict action and ensure that their users’ privacy is never at risk by making data protection their number one priority.