Security Intelligence -
Over 10M Android Users Infected by GriftHorse Trojan
A mobile premium services campaign infected over 10 million Android users with the GriftHorse Trojan.
More Than 200 Malicious Apps in Play
Discovered by Zimperium, the GriftHorse Trojan operation used more than 200 Trojan apps to target Android users all over the world.
The largest proportion of those Trojanized apps used entertainment as a theme at 12.7%. This was followed by personalization, lifestyle and simulation at 5.6%, 5.6% and 4.2%, respectively.
Once installed, a GriftHorse’s app began by pushing notifications on the infected device at least five times an hour. The campaign used that to attract the user’s attention and lure them into using the app.
In the end, Trojan campaign used one of two variants to subscribe the victim to several paid and premium SMS services.
The first version required the user to interact with a ‘Continue’ or ‘Click’ button. Doing so sent an SMS text message subscribing the victim to those services.
The second variant performed the same function as the first. However, it required that the victim enter their phone number and register it with the server’s backend