Insidious Android Malware Is Contaminating Millions of Users

 

This one's global

Researchers from Zimperium zLabs have detected a nasty, dangerous, global malware campaign that has managed to infect more than 10 million Android devices from around the world in more than 70 different countries.

As with most malware campaigns this one relies on social engineering to spread.

The first stage of the infection process is that the hackers must get their malicious apps past the gatekeepers of the Google Play Store and other third-party app vendors.

This part is purely a numbers game but the hackers behind Grifthorse are pretty good at it. Grifthorse code has been found in more than 200 apps on the Google Play Store alone.

Once the poisoned apps are in position the next goal is to trick users into subscribing to paid services without their knowledge. So far the campaign has managed to steal hundreds of millions of dollars from their victims. Even worse is that in many cases users are unwittingly signed up for recurring payments that can add up quickly unless the victims are watching their accounts closely.

 

Zimperium's researchers had this to say about the malware strain

"Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros.

...one of their first victims, if they have not shut off the scam, has lost more than €200 at the time of writing. The cumulative loss of the victims adds up to a massive profit for the cybercriminal group," the researcher explained.

The numerical stats reveal that more than 10 million Android users fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and motivated with time."

 

My perspective

Don't take the Grifthorse threat lightly and if you even suspect an infection monitor your accounts closely.

 

Don't pull a Sgt. Schultz:

"I see nothing! I know NOTHING!"

 

By Denis Wilson

Cybersecurity Expert, Small Business Technology Consultant, Managed Services Provider, Managed IT Support

Thanks for reading this short post. For more tips on thriving with small business technology, check out the other blog posts at DWPIA Blogs. You can also find me on LinkedIn, Facebook, and Twitter

I am also a published author and speaker on cloud computing, work@home, and cybersecurity. I work extensively with business and professional associations to provide free small business technology education programs.

 

Contact me if you would like me to speak to your association