GriftHorse Tricks Users for Premium Service
A newly discovered Android Trojan, used in a campaign that tricks victims into subscribing to premium SMS services, is believed to have over 10 million victims. Dubbed “GriftHorse”, the malware has been found embedded in more than 200 malicious applications available in the Play Store, targeting millions of users in more than 70 countries.
The malicious applications appear harmless when looking at the store description and requested permissions, but result in users being charged month over month for a premium service to which they get subscribed without their knowledge. After installing an infected application, users are bombarded with alerts telling them they’ve won a prize and need to claim it immediately. After they accept the invitation for the prize, the malware redirects the victims to a geo-specific webpage. They are then asked to submit their phone number for verification, and that’s where the trap is set.
After they enter their phone number for the claimed prize, the victims are instead signed up for a premium SMS service that will start charging their phone bills more than €30 ($34.80) per month. The victims don’t immediately notice anything abnormal. As the victims are deemed to have subscribed to the service, there is little to no recourse to have the money returned.
The attackers used multiple URLs and domains to avoid detection, which enabled them to infect users in many countries. The malicious apps on Google Play have been removed, but they still exist on third-party app stores. Ignorance is the main reason this type of attack remains successful. Users must be cautious while using mobile devices and the internet.