Most smartphone users are aware of the risks that come from downloading or clicking on something whose origins aren’t quite clear. But the latest scam, which has been brewing since the end of 2020, may even fool the most tech-savvy among us. Hackers are targeting the 2.5 billion Android users around the world and have already managed to scam millions of them out of hundreds of dollars on their phone bills by having them click on an enticing, seemingly innocuous message. Read on to find out what to avoid saying “yes” to in order to make sure you don’t fall victim to this new scam.
Hackers recently launched a major scamming campaign using the Google Play Store, mobile security company Zimperium reported on Sept. 29. According to the company, scammers looking to steal from Android users created more than 200 seemingly harmless apps and made them available in the Play Store. Once these scam apps were downloaded, a message would pop up on the app to notify the user that they had won a prize, prompting them to enter their phone number to claim it. But the attackers were instead having the Android users submit their phone number to an SMS service that charged their phone bill around $42 per month.
“Forensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020,” Zimperium said. As a result, some of the first users attacked may have already been charged more than $400 at this point, if they have not already realized the issue and contacted their SIM operator to remove the fraudulent service.
According to Zimperium, it is estimated that the scam may have already affected around 10 million Android users globally. “The campaign is exceptionally versatile, targeting mobile users from 70-plus countries by changing the application’s language and displaying the content according to the current user’s IP address,” Zimperium explained.
The security firm said that GriftHorse has also likely already taken hundreds of millions in stolen funds from victims so far. “The cumulative loss of the victims adds up to a massive profit for the cybercriminal group,” the company confirmed.
Zimperium listed a number of apps that were used by the attackers, who were able to target users through seemingly normal and harmless apps under names like “Amazing Video Editor,” “Scanner App Scan Docs & Notes,” and “Daily Horoscope & Life Palmestry.”
Google told Wired that all of the apps Zimperium identified have been removed from the Play Store and those app developers have been subsequently banned. “It’s really a carpet-bombing effect when it comes to the quantity of apps. One might be successful, another might not be, and that’s fine,” Richard Melick, Zimperium’s director of product strategy for end-point security, told Wired.
Unfortunately, according to Zimperium, these apps are still available through third-party app stores, meaning Android users can still easily download them onto their devices. The researchers told Wired that Google taking the applications down from the Play Store certainly helped slow the GriftHorse campaign, but it’s unlikely that it is gone completely.
“These attackers are organized and professional. They set this up as a business, and they’re not just going to move on,” Shridhar Mittal, Zimperium’s CEO, told Wired. “I’m certain this was not a one-time thing.”