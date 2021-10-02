Join gaming leaders online at GamesBeat Summit Next this upcoming November 9-10. Learn more about what comes next.

The GriftHorse Android trojan has hit over 10 million victims globally, according to the research arm of mobile security firm Zimperium.

Zimperium’s zLabs recently discovered GriftHorse, an aggressive mobile premium services campaign, and says the total amount stolen could be well into the hundreds of millions of euros. While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as trojans, allowing it to take advantage of user interactions for increased spread and infection.

These malicious Android applications appear harmless when looking at the store description and requested permissions, but this false sense of confidence changes when users get charged month after month for the premium service they get subscribed to without their knowledge and consent.

Forensic evidence of this active Android trojan attack, which zLabs has named GriftHorse, suggests that the threat group has been running this campaign since November 2020. These malicious applications were initially distributed through both Google Play and third-party application stores. Zimperium zLabs reported the findings to Google, who verified the provided information and removed the malicious applications from the Google Play store. However, the malicious applications are still available on unsecured third-party app repositories, highlighting the risk of sideloading applications to mobile endpoints and the need for advanced on-device security.

