GriftHorse Trojan Steals Data From Millions Of Android Devices Worldwide

Samsung Galaxy A20e - Now Getting the Android 11 Update in Europe

Android smartphones are currently the target of malware that has infected around 10 million devices worldwide. The pest called GriftHorse has been active for a long time and has now been analyzed in depth.

The malware has now been discovered by the security company Zimperium. In this case, too, it must be established that the distribution channel mainly consists of the Google Play Store. The malicious code is hidden in various apps, which then wait for unsuspecting users. But GriftHorse has also already been discovered in alternative app stores.

In the case of this malware, the user should quickly notice that something is wrong. Because one component is AdWare, which bombarded the user with numerous popups and messages about special offers and prices. But this is ultimately the more harmless part. Because in the background, the malware also ensures that subscriptions are concluded for premium SMS services, each of which costs around 30 euros.

Million revenue

It is one of the most widespread malware campaigns recorded in the field this year, according to Zimperiums. When observing the pest, it was shown that the developers GriftHorses invest quite a bit of effort. The code is of good quality and is regularly maintained, it is used as best possible on various camouflage mechanisms in order to avoid detection and the distribution takes place on an unusually wide range of download platforms and apps.

Most of the apps that GriftHorse is hiding in belong to the large Tools category in the Play Store. But entertainment offers are also well represented. Ultimately, however, there is hardly a section in which no GriftHorse apps could be found. Based on the spread and activities of the malware, the security researchers assume that it generated monthly income of between 1.2 million and 3.5 million euros for its developers over the course of the year.