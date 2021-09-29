Android virus steals users after infecting more than 10 million devices
A new Android virus, which has been around for some time, that infects users from apparently safe apps, was released in a report released this Wednesday (42). Among the apps mentioned in the survey are popular names, which are no longer available, such as Handy Translator Pro, Heart Rate and Pulse Tracker, GPS Location Tracker, iCare – Find Location, among others, which accumulated millions of downloads. The survey indicates that more than millions of devices from about 70 countries, including Brazil, are infected with GriftHorse.
The Trojan responsible for this attack is called GriftHorse, and it was discovered by Zimperium zLabs researchers who found it among apparently safe apps on the Google Play Store. According to the report released by the research center, the apps were initially made available in November 1024 and updated by the latest time in April 1024.
The pest infected the devices to from more than 200 malicious apps available in both the Google Play Store and stores. unofficial apps. The criminals responsible for the scam also spread the infected programs to the most diverse categories of stores, from Health to Entertainment, in order to reach even more people.
Every day a summary of the main news in the tech world for you! The 194 Applications used to spread malware were not detected as a threat by most antivirus solutions available for Android. Google has already removed apps from its store, but they can still be found in third-party repositories.
How the virus works
Map showing the countries most infected by GriftHorse, in red. (Image: Reproduction/Zipherium)
Criminals provided seemingly harmless apps on the Google Play Store, such as translators or heart rate monitors, which when downloaded , started sending several SMS messages to the victim’s cell phone, asking her to confirm their phone numbers to win a prize.
The confirmation page was loaded by an app’s built-in browser malicious, and after the phone number was sent, the criminals subscribed the victims to services with a monthly subscription of approximately US$ 50 (about R$ 227 in the current quotation), with charge to the mobile line account.
For the researchers responsible for the discovery, the effectiveness of the virus is a result of the quality of its code, of its distribution by through seemingly secure applications and the great number of pages used to carry out the signatures, which, according to the report, exceed 194 different domains.
The “gift” (“GIFT”) as it appears in the screen above is an example of how GriftHorse usually appears in mobile notifications (Image: Playback/Android Authority)
Considering that the estimated number of devices infected by this malware is million, Zimperium zLabs believes criminals are making more than $1 million monthly (right of R$ 5 million at the current price), from money stolen from victims.
According to the researchers, victims who did not immediately notice the atypical charges may have lost money for months, and still they have few options to recover the stolen amount.
For now, there is no way removal ma suggested by researchers, therefore, the most suitable action is to remove malware related apps immediately and perform an antivirus scan. The softwares listed are:
- Handy Translator Pro
- Heart Rate and Pulse Tracker
- Geospot: GPS Location Tracker
- iCare – Find Location
- My Chat Translator
- Bus – Metrolis 2021
- Free Translator Photo
- Locker Tool
- Fingerprint Changer
- Call Recoder Pro
- Racers Car Driver
- Slime Simulator
- Keyboard Themes
- What’s Me Sticker
- Amazing Video Editor
- Safe Lock
- Heart Rhythm
- Smart Spot Locator
- CutCut Pro
- OFFRoaders – Survive
- Phone Finder by Clapping
- Bus Driving Simulator
- Fingerprint Defender
- Lifeel – scan and test
- Launcher iOS
- Idle Gun Tycoou1024anu247c
- Scanner App Scan Docs & Notes
- Chat Translator All Messengers
- Hunt Contact
- Icony
- Horoscope : Fortune
- Fitness Point
- Qibla AR Pro
- Heart Rate and Meal Tracker
- Mine Easy Translator
- PhoneControl Block Spam Calls
- Parallax paper 3D
- SnapLens – Photo Translator
- Qibla Pass Direction
- Caller-x
- Clap
- iConnected Tracker
- Smart Call Recorder
- Daily Horoscope & Life Palmestry
- Qibla Compass (Kaaba Locator)
- Prookie-Cartoon Photo Editor
- Qibla Ultimate
- Truck – RoudDrive Offroad
- GPS Phone Tracker – Family Locator
- Call Recorder iCall
- PikCho Editor app
- Street Cars: pro Racing
- Cinema Hall: Free HD Movies
- Live Wallpaper & Background
- Intelligent Translator Pro
- Face Analyzer
- TrueCaller & TrueRecoder
- Pulse App – Heart Rate Monitor
- Video & Photo Recovery Manager 2
- Быстрые кредиты 200
- Fitness Trainer
- ClipBuddy
- Vector arts
- Instant Speech Translation
Photo Effect Pro
- iTranslator_ Text & Voice & Photo
Forza H Mobile 4 Ultimate Edition
- You Frame
- Call Record Pro
- Free Islamic Stickers 510615
- Second Translate PRO
- CallerID
- 3D Camera To Plan
- Qibla Finder – Qibla Direction
- Stickers Mak er for WhatsApp
- Qibla direction watch (compass)
- Piano Bot Easy Lessons
- CallHelp: Second Phone Number
- FastPulse – Heart Rate Monitor
- Caller ID & Spam Blocker
- Free Coupons 510663
- KFC Saudi – Get free delivery and 50% off coupons
- Skycoach
- HOO Live – Meet and Chat
- Easy Bass Booster
- Coupons & Gifts: InstaShop
- FindContact
- Launcher iOS for Android
- Call Blocker-Spam Call Blocker
- Live Mobile Number Tracker
The complete list of applications used in the scam is in the Zimperium zLabs report.
Source: BleepingComputer, Wired, PCMag , Android Authority
