More than 10 million Android devices have been infected with apps that contain a trojan and try to extort money, according to security company Zimperium. More than 200 apps were discovered with the trojan and they are said to have stolen millions of euros.
When an infected app was installed, users were shown dozens of notifications about a supposedly won prize. According to the researchers, the pop-ups appeared up to five times per hour until clicked. The user was then redirected to a landing page asking to submit the phone number. When they did, they signed up for a paid SMS service that sometimes charged $36 a month. This landing page was adapted to the local language, which was determined from the IP address.
The trojan was named GriftHorse and has been reported in more than 70 countries. The gang behind the campaign, according to Zimperium’s researchers, had been going since November last year and had come up with ingenious ways to go undetected.
The gang released the infected apps to the Google Play store and alternative app stores for Android in a variety of categories. For example, a translation app, a racing game and a heart rate monitor app were found. More than twenty apps from the list were downloaded more than 100,000 times. The most popular infected app, according to the researchers, was Handy Translator Pro. Google was notified and all infected apps have since been removed from the Google Play store.
Screenshot on infected smartphone