Researchers at Zimperium zLabs have discovered that a trojan named Grifthorse Android Trojan is present in about 136 apps which have stolen money from about 10 Million users. Google has banned these apps from Playstore after the reports came out.
Google bans 136 apps from the Play Store after researchers at Zimperium zLabs discovered a unique trojan. This trojan is called Grifthorse Android Trojan, which attacks its victim by first hiding behind different applications and spreading throughout the system. Later it manipulates users by inviting them to accept fake prizes and steals money from them without any information.
Security experts at Zimperium zLabs informed Google about this malware and shared a blog post regarding the same. They have mentioned that Grifthorse Android Trojan has stolen money from over 10 Million victims across 70 countries. This malware campaign could have stolen more than hundreds of millions of Euros.
The malicious Android application looks harmless in the store, but these apps start charging for their services without users knowledge and consent. The amount is around 36 Euros per month.
When the victim's device is infected, they start getting thousands of alerts and notifications, with a frequency of five alerts per hour. These alerts show that the user has won a prize and asks them to claim it immediately. They won't stop appearing until you accept the reward.
Once you claim it, the malware redirects you to a geo-specific webpage, where they will ask you to submit your phone numbers for verification. Here the users are entering their number to pay for a premium SMS service and not for attestation. Once you are a subscriber to the premium subscription, you will be paying for it without any information.
This campaign has been running since November 2020 and has remained unnoticed until now. The cybercriminals took great care as they attacked different targets in different ways based on geolocation.
Google removed 136 apps from Google Play Store after Zimperium reported the Grifthouse Android Trojan. These apps might still be available in third-party stores. If you have downloaded these apps in the past, now it's time to delete them or else you can be a victim of these attacks in the future. These apps include Heart Rate and Meal Tracker, iCare – Find Location and App Name.
Here is the list of all these malicious apps.