Millions of Android devices in more than 70 countries have been reportedly affected by a malware strain. Discovered by mobile security firm Zimperium, the malware is called GriftHorse and it has been spreading since November last year. The discovery was shared by two researchers of Zimperium in a blog post where they describe the malware to be one of the most widespread campaigns that they have tracked this year. The blog reveals that the malware was spread through both Google Play and third-party application stores and the cybercriminals made millions of Euros through this technically novel and effective Trojan campaign.
What does GriftHorse malware do?
Researchers reveal that the cybercriminals masked within apps’ codes. Upon infection, the victim is bombarded with fishy links on the screen. These pop ups reappear no less than five times per hour until the user taps on. After tapping the popup, the malware redirects the victim to a geo-specific webpage where they are asked to submit their phone numbers for verification. But in reality, they are submitting their phone number to a premium SMS service. The victim does not immediately notice the impact of the theft, and the likelihood of it continuing for months before detection is high.
Why is GriftHorse malware hard to trace?
According to the mobile security firm, these cybercriminals took great care not to get caught by avoiding hardcoding URLs or reusing the same domains and filtering malicious payload based on the originating IP address’s geolocation. This method allowed the attackers to target different countries in different ways.
Overall, GriftHorse Android Trojan takes advantage of small screens, local trust and misinformation to trick users into downloading and installing these masked apps, as well frustration or curiosity when accepting the fake free prize spammed into their notification screens. The numerical stats reveal that more than 10 million Android users fell victim to this campaign globally.
For all the latest Technology News Click Here
