GriftHorse Money-Stealing Trojan Takes 10M Android Users for a Ride

The mobile malware has fleeced hundreds of millions of dollars from victims globally, using sophisticated techniques.

More than 10 million Android users have been saddled with a malware called GriftHorse that’s trojanizing various applications and secretly subscribing victims to premium mobile services – a type of billing fraud that researchers categorize as “fleeceware.”

Zimperium uncovered more than 130 GriftHorse apps being distributed through both Google Play and third-party application stores, across all categories. Some of them have basic functionality, and some of them do nothing, researchers said. In either case, once installed, they lead to victims being billed for premium services – but phone-owners are usually none the wiser until they take a look at their mobile bills.

GriftHorse rode onto the scene in November of last year, and by now, “the total amount stolen could be well into the hundreds of millions of Euros,” according to Zimperium researchers, with each victim paying upwards of $40 per month.

Victims sprawl across 70 different countries, all packing sneaky extra charges that they may not be aware of. Google removed the flagged apps, but GriftHorse is far from corralled: There could be additional Play apps, installs could still

Read More: