A new, and very successful piece of Android malware has been discovered that's managed to infect over 10 million devices in more than 70 countries.
As The Record reports, the malware is called GriftHorse and it was discovered by researchers at mobile security company Zimperium. The sheer scale of infected devices that have flown under the radar until now is due to the method of distribution, which relies on "benign-looking apps" available to download through the Google Play store. It also helps that no anti-virus vendors detected the malware they contained.
Once installed, these apps show the user pop-ups and notifications for special offers and prizes. If any of them are tapped, the user is asked to enter their phone number to get the offer or prize. In doing so, they are unknowingly signed up to a premium SMS service charging $35 or more each month. Of course, that money is directed into the hands of the gang behind GriftHorse.
With over 10 million infected devices, it's estimated the gang is generating income of between $1.5 million and $4 million every month. According to Zimperium researchers Aazim Yaswant and Nipun Gupta, the success of GriftHorse is due to the "malware's code quality, using a wide spectrum of websites (194 domains), malicious apps, and developer personas to infect users and avoid detection for as much as possible."
The scale of the infected app ecosystem is also impressive and spans over 200 apps spread across 18 different categories including tools, puzzle, communication, dating, lifestyle, finance, racing, entertainment, music and audio, health and fitness, productivity, simulation, food and drink, sports, education, board, action, and personalization. Thankfully, these apps have been removed after Zimperium contacted Google regarding the malware, but it has been operating since at least November 2020, raising questions as to how thorough app reviews really are on the Play Store.