Black Arrow Threat Alert - GriftHorse Malware Saddles 10 Million Android Users with Sophisticated Billing Malware

Over 10 million Android users have been infected by a particularly lucrative form of malware. Distributed through Google Play, more than 200 apps have been found to contain GriftHorse, a sophisticated trojan used to secretly bill for premium “services”.

Victims have been recorded in 70 countries, with GriftHorse netting its implementers hundreds of millions of euros since it came on the scene. The malware was first detected by Zimperium, a mobile security researcher, who stated that GriftHorse was “one of the most widespread campaigns” they’d seen in 2021.

So, how does it work? With names like “Handy Translator Pro” and “Call Recorder Pro”, users are enticed to download the apps, before being bombarded with pop-ups. These pop-ups appear and re-appear with alarming frequency, until the user finally relents.

In a complex move, users are then directed to a custom page based on their location, both for believability and to adapt to and outmaneuver anti-virus software. Once the attempt succeeds, the device is signed up for a premium text message service, adding a hefty chunk to the victim’s phone bill every month.

A full list of compromised apps and associated URLs can be found here: https://pastebin.com/cqRVtsSp