Disguised as legitimate apps, the GriftHorse malware has found its way onto more than 10 million Android devices. Learn how to determine whether your phone is one of them.
Mobile malware dubbed GriftHorse has found its way onto more than 10 million Android devices in more than 70 countries, including the United States. Cybercriminals are using GriftHorse to carry out billing fraud. “The cybercriminal group behind the GriftHorse campaign has built a stable cash flow of illicit funds from these victims, generating millions in recurring revenue each month with the total amount stolen potentially well into the hundreds of millions,” according to the Zimperium zLabs researchers who discovered the malware.
How the Attack Works
GriftHorse is a trojan horse — in other words, malware disguised as a legitimate program or file. In the GriftHorse campaign, the cybercriminals created more than 200 trojan apps covering a wide variety of interests (e.g., dating, entertainment, finance, music, utilities) to get a broad pool of potential victims. The cybercriminals posted the trojan apps in the Google Play store and other third-party app sites.
Although Google immediately removed the GriftHorse trojan apps from its store once it learned about them from the researchers, they are still posted on some third-party app sites. “These malicious Android applications appear harmless when looking at the store description and requested permissions,” noted the researchers. But these apps are far from harmless. Android users who download and install them will be blasted with popups (at least five per hour) telling them they have received a gift or won a prize. To claim it, all they need to do is click the provided link. The link leads to a geo-specific web page that asks them to submit their mobile phone numbers for verification purposes.
If the Android users comply, the malware uses their mobile phone numbers to subscribe them to premium SMS services, without their knowledge or consent. Premium SMS services allow one party (e.g., a company or charity) to collect money from a second party (e.g., a customer or donor) via text message. The amount due appears as a charge on the second party’s mobile phone bill. GriftHorse victims usually find a fraudulent charge of $35 or more per month on their bills. If the victims do not regularly check their phone bills, they might not even realize the charge is there.
Is Your Phone Infected?
If you have an Android phone, you might want to determine whether it has been infiltrated by a GriftHorse trojan app. Fortunately, the researchers have created a list of apps known to conceal GriftHorse. Although the list is not alphabetized, you can use your browser’s Find functionality to check the apps you have installed on your device against this list. If any of your apps are on the list, you should uninstall them.
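For anyone checking more than one phone, the same comparison can be scripted. The following is an added example, not code from the article or the researchers. It assumes you have saved the published list as package identifiers, one per line, and captured the phone's installed packages with `adb shell pm list packages -f`. All sample data below is constructed.

```python
"""Added example: match installed Android packages against a saved app list."""

def parse_pm_list(output):
    """Parse `adb shell pm list packages [-f]` output into a set of package ids."""
    packages = set()
    for raw in output.splitlines():
        line = raw.strip()                      # older adb builds emit CRLF
        if not line.startswith("package:"):
            continue                            # skip warnings and blank lines
        entry = line[len("package:"):]
        # With -f each entry is <apk path>=<package id>. The path itself can
        # contain '=' (e.g. "~~Ab12==/"), so split on the last '=' only.
        pkg = entry.rsplit("=", 1)[-1]
        if pkg:
            packages.add(pkg)
    return packages

def parse_ioc_list(text):
    """Parse a saved list: one package id per line, '#' starts a comment."""
    iocs = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            iocs.add(line)
    return iocs

def find_listed(pm_output, ioc_text):
    """Return installed package ids that appear on the list (exact match)."""
    return sorted(parse_pm_list(pm_output) & parse_ioc_list(ioc_text))

# Constructed sample input; these are placeholders, not real GriftHorse ids.
SAMPLE_PM_OUTPUT = (
    "package:com.android.settings\r\n"
    "package:/data/app/~~Ab12==/com.example.constructed.scanner-Zz9==/base.apk"
    "=com.example.constructed.scanner\r\n"
    "WARNING: constructed non-package line\n"
    "package:com.example.benign.notes\n"
)
SAMPLE_IOCS = (
    "# constructed placeholder list\n"
    "com.example.constructed.scanner\n"
    "com.example.constructed.translator  # not installed on the sample phone\n"
)

if __name__ == "__main__":
    for pkg in find_listed(SAMPLE_PM_OUTPUT, SAMPLE_IOCS):
        print("uninstall:", pkg)
```

A clean result only means none of the listed apps is installed. It does not undo a premium SMS subscription that was already created, so the phone bill still needs to be checked.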
Other Measures You Can Take to Protect Your Phone from Trojan Apps
Admittedly, spotting trojan apps like GriftHorse in app stores can be hard if they are well designed. However, there are measures you can take to protect your Android phone from trojan apps and the malware they harbor: