10 Million Android Phones Have Been Pwned By Malware…. OMG!

Well, this is eye-opening. Security researchers have found a mind-blowing malware operation that has infected more than 10 million Android smartphones across more than 70 countries since at least November 2020 and is making millions of dollars for its operators on a monthly basis:

Discovered by mobile security firm Zimperium, the new GriftHorse malware has been distributed via benign-looking apps uploaded on the official Google Play Store and on third-party Android app stores. If users install any of these malicious apps, GriftHorse starts peppering users with popups and notifications that offer various prizes and special offers. Users who tap on these notifications are redirected to an online page where they are asked to confirm their phone number in order to access the offer. But, in reality, users are subscribing themselves to premium SMS services that charge over $35 per month, money that is later redirected into the GriftHorse operators’ pockets.

Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.” Based on what they’ve seen until now, the researchers estimated that the GriftHorse gang is currently making between $1.5 million and $4 million per month from their scheme.

To be clear, the malware doesn’t infect Android automatically. The end user has to download and install a compromised app from an app store. Then they are prompted to do something else that pwns them. That means that while the malware is a problem, educating users in safe computing is what is really needed here. Hopefully this story gets that discussion going.
