As many as 200 malicious Android apps have hit the Google Play Store, stealing people’s money by subscribing to premium services without their consent, cybersecurity experts warned Wednesday.
Researchers at cybersecurity firm Zimperium claimed that around 10 million Android phones were likely infected, earning crooks millions before Google kicked them out of Play. Labeled “GriftHorse” by Zimperium in a report published Wednesday, the malicious cybercrime campaign began building its applications in November 2020.
The hackers had gone to great lengths to ensure success. To trick their victims, the apps bombarded the user with pop-ups, claiming that the victim had won a prize and should claim it immediately. They were also persistent, with pop-ups reappearing five times per hour until the offer was accepted. If accepted, the user would then be directed to a web page, the language of which would change depending on the geolocation of the application user’s IP address. The web page would ask them for their phone number in order to claim the prize, but rather than winning anything, the target would be signed up for a premium SMS service, which would cost them $40 per month.
The fraudulent apps came in many forms. They included a fake Forza driving game, a translator app, a heart rate monitor, and a horoscope tool. One app, called Handy Translator Pro, was downloaded between 500,000 and one million times before it was banned from Google Play. There was even a Soul Scanner app, marketed as a “radar to search for paranormal spiritual activity.” The total number of downloads, based on Google Play statistics alone, could have been between 4.3 million and 17.3 million, Zimperium said.
Although Google has removed the offending apps from its store, they remain online in other third-party app marketplaces. They were able to evade detection for months, making it difficult for security companies to catch and analyze the malicious apps. For example, they changed the web servers used to control the malware rather than sticking to the same domains, according to Zimperium.
The victims to date are based around the world. “While the majority of victims are in European countries, the fact that malicious actors used Google Play as a major source of distribution has given all malicious applications global reach,” said Shridhar Mittal, CEO of Zimperium. “From Australia to Russia and South Africa to the United States, mobile users around the world have been robbed thanks to the new campaign.”
While not all of those targeted by the scam have given their numbers, “even a very small percentage of total victims could generate long-term gains of several million euros for malicious actors,” Mittal added.
Google said it has now banned all affected developers and removed their apps.