As many as 200 rogue Android apps made it onto the Google Play store, stealing people’s money by subscribing them to premium services without their consent, cybersecurity experts warned on Wednesday.
Researchers at cybersecurity company Zimperium claimed that around 10 million Android phones were likely infected, scoring the crooks millions in proceeds before Google threw them off Play. The campaign was labeled “GriftHorse” by Zimperium in a report published on Wednesday, and its operators started building their apps in November 2020.
The hackers had put significant effort into guaranteeing success. To ensnare their victims, the apps would bombard the user with pop-ups, saying the victim had won a prize and needed to claim it immediately. They were persistent, too, with pop-ups reappearing five times per hour until the offer was accepted. If accepted, the user would then be taken to a webpage, the language of which would change depending on the geolocation of the app user’s IP address. The webpage would ask them for their phone number in order to claim the prize, but rather than winning anything, the target would be signed up to a premium SMS service, costing them $40 per month.
The scam apps came in many guises. They included a fake Forza driving game, a translator app, a heart rate monitor and a horoscope tool. One app, called Handy Translator Pro, had between 500,000 and a million downloads before being thrown out of Google Play. There was even a Soul Scanner app, marketed as a “radar to search for paranormal spirit activity.” The total number of downloads, based on Google Play statistics alone, could have been anywhere between 4.3 million and 17.3 million, Zimperium said.
Though Google removed the offending apps from its store, they remain live on third-party app marketplaces. The operators were able to evade detection for months by making it difficult for security companies to catch and analyze the malicious apps. For instance, they changed the Web servers used to control the malware rather than sticking to the same domains, according to Zimperium.
The victims to date are based across the world. “While a majority of the victims are in the European countries, the fact that the malicious actors used Google Play as a heavy source of distribution gave all the malicious applications global reach,” said Shridhar Mittal, Zimperium CEO. “From Australia to Russia and South Africa to the United States, mobile users all over the world have been stolen from through the novel campaign.”
Though not all would have given over their number to the fraudsters, “even a very small percentage of the total victims could yield long-term gains in the millions of euros for the malicious actors,” Mittal added.