Very dangerous Android Trojan ‘GriftHorse’ discovered

A new Android Trojan known as “GriftHorse” did just that (via Zimperium). It tricks people into unwittingly subscribing to a recurring payment. If left unchecked, it could have potentially stolen hundreds of dollars from victims so far.

The Trojan is confirmed to have been found in over 100 Android apps. These apps appeared on the Google Play Store as well as multiple third-party platforms. Google has confirmed that the infected apps are already gone from the Play Store, but third-party platforms could still host them. Likewise, these apps could still be on your phone if you downloaded one.

See below for how GriftHorse works and the apps you should uninstall.

What GriftHorse looks like

Above, you can see a screenshot of the “hook” to the GriftHorse Trojan. The free gift promoted by that notification takes you to a website that asks for your phone number. Ostensibly, entering your phone number is to verify your identity so you can claim the prize.

However, unbeknownst to victims, entering your phone number really signs you up for a recurring subscription fee for a bogus service. The monthly fee (which lands in different currencies depending on the user’s location) amounts to about $36 each month.

This charge doesn’t need a credit card. Instead, it’s an SMS-based subscription service, so your carrier gets the charges and passes them onto you through your monthly bill. If you don’t check your bill regularly, this charge could have happened multiple times.

GriftHorse is thought to have been active since November 2020. Ostensibly, that means victims could have lost up to $400 if they were one of the first infections. Judging from the scale of this Trojan, the criminals behind it likely have already made millions of dollars.

You can see a full rundown of how GriftHorse works in very technical detail here. For everyone else, be sure to uninstall any of the apps below.

Apps you should uninstall