Connect with top gaming leaders in Los Angeles at GamesBeat Summit 2023 this May 22-23. Register here.

The GriftHorse Android trojan has hit over 10 million victims globally, according to the research arm of mobile security firm Zimperium.

Zimperium’s zLabs recently discovered GriftHorse, an aggressive mobile premium services campaign, and says the total amount stolen could be well into the hundreds of millions of euros. While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as trojans, allowing it to take advantage of user interactions for increased spread and infection.

These malicious Android applications appear harmless when looking at the store description and requested permissions, but this false sense of confidence changes when users get charged month after month for the premium service they get subscribed to without their knowledge and consent.

Forensic evidence of this active Android trojan attack, which zLabs has named GriftHorse, suggests that the threat group has been running this campaign since November 2020. These malicious applications were initially distributed through both Google Play and third-party application stores. Zimperium zLabs reported the findings to Google, who verified the provided information and removed the malicious applications from the Google Play store. However, the malicious applications are still available on unsecured third-party app repositories, highlighting the risk of sideloading applications to mobile endpoints and the need for advanced on-device security.


Intelligent Security Summit On-Demand

Learn the critical role of AI & ML in cybersecurity and industry specific case studies. Watch on-demand sessions today.

Watch Here

Read the full report by Zimperium zLabs.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Discover our Briefings.