For years Google has been trying to keep malicious apps out of the Play Store albeit with very limited success. Every time the company finds new apps to new remove full of malware and takes action some new suckers pop up to soil the victory.
Last time Google removed around 200 apps across multiple categories that have been used to spread GriftHorse malware to over 10 million victims. However coming to Androids biggest rival Apple, the iOS has been termed to be safer than its rival Android as Google’s OS has a problem which is that it allows for Apps sideloading.
According to researchers at Zimperium zLabs, a new Android trojan called GriftHorse has been embedded into no less than 200 malicious apps which were approved into the Google Play store as well as some third-party app stores. It also revealed that this particular malware has managed to infect more than 10 million Android devices from over 70 countries and is responsible for stealing tens of millions of dollars from its victims.
The researchers explained in their report that the GriftHorse campaign has been active since at least November 2020 and through April 2021. what happens is when a user installs any of the malicious apps, GriftHorse will generate a large number of notifications and popups that lure people with special discounts or various prizes. However, once people get attracted and tap on these they get redirected to a web page where they’re asked to confirm their phone number to access the promotion.
What’s happening here is that the victims of GriftHorse are subscribing to premium SMS services that charge over $35 per month. Researchers estimate that the GriftHorse operators have been making anywhere from $1.5 million to $4 million per month in this way and their first victims have likely lost more than $230 if they didn’t stop the scam.
Google needs to take some serious measures regarding the security of their smartphone’s OS.