Joe Hindy / Android Authority
TL; DR
- A newly discovered Android Trojan called “GriftHorse” has likely made millions of dollars.
- The trojan will ask you to enter your phone number to win a prize. This “price” is a recurring subscription to a useless service.
- We have a list of known infected apps. If you have any of these, you should uninstall it ASAP.
A new Android Trojan called “GriftHorse” did just that (via Zimperium). It makes people unwittingly subscribe to a recurring payment. If it wasn’t verified, it could have stolen hundreds of dollars from victims so far.
The Trojan has been confirmed to be found in over 100 Android apps. These apps appeared on the Google Play Store as well as on several third-party platforms. Google has confirmed that the infected apps are already gone from the Play Store, but third-party platforms could still host them. Likewise, if you downloaded one, these apps could still be on your phone.
Below is how GriftHorse works and which apps you should uninstall.
What GriftHorse looks like
Above you can see a screenshot of the “hook” of the GriftHorse Trojan. The free gift promoted by this notification will take you to a website that asks for your phone number. Allegedly, entering your phone number is used to verify your identity so that you can claim the prize.
However, unbeknownst to the victims, entering your phone number is really signing you up for a recurring subscription fee to a fake service. The monthly fee (which comes in different currencies depending on the user’s location) is around $ 36 per month.
Ignorant victims think they are winning a prize, but they really get bogus charges on their phone bills.
This fee does not require a credit card. Instead, it’s an SMS-based subscription service, so your wireless service provider receives the charges and forwards them to you via your monthly bill. If you don’t check your bill regularly, this charge may have occurred multiple times.
It is believed that GriftHorse has been active since November 2020. Allegedly, this means that victims could have lost up to $ 400 if they were one of the first infections. Judging by the scale of this trojan, the criminals behind it have likely already made millions of dollars.
You can see a full overview of how GriftHorse works in very technical detail here. For everyone else, you should uninstall one of the apps listed below.