In context: Google has been trying to keep malicious apps out of the Play Store for years with limited success. The company is constantly working to remove these apps, and the latest round of takedowns includes 200 apps across multiple categories that have been used to spread GriftHorse malware to over x one thousand thousand victims.

Apple'southward been getting lazy in the iOS security section as of late, despite pouring fuel into the peppery iOS vs. Android debate by claiming the latter mobile Bone has 47 times more than malware due to being open to sideloading apps. That said, it'south hard to argue against the fact that Android is more bonny for malware developers, who are prodding information technology every take chances they get.

Heatmap of the over 10 million victims

According to researchers at Zimperium zLabs (via TheRecord), a new Android trojan called GriftHorse has been embedded into no less than 200 malicious apps which were approved into the Google Play store as well every bit some 3rd-party app stores. To date, the malware operators take managed to infect more than than 10 one thousand thousand Android devices from over lxx countries and stole tens of millions of dollars from their victims.

The researchers explained in their report that the GriftHorse entrada has been active since at least November 2022 and through April 2022. When a user installs whatever of the malicious apps, GriftHorse volition generate a large number of notifications and popups that lure people with special discounts or various prizes. People who tap on these go redirected to a web page where they're asked to ostend their phone number in guild to access the promotion.

In reality, the victims of GriftHorse are subscribing to premium SMS services that accuse over $35 per month. It's estimated that GriftHorse operators have been making anywhere from $1.5 million to $4 meg per calendar month using this scheme, and that their starting time victims have probable lost more than than $230 if they didn't cease the scam.

Zimperium researchers Aazim Yaswant and Nipun Gupta note that this was a sophisticated malware entrada where operators used quality code and a wide spectrum of websites and malicious apps that cover virtually every possible category. Zimperium notified Google about the offending apps; while the company did remove them from the Play Shop, they can still be downloaded from third-party app stores.

This isn't the first time this blazon of attack has been leveled at Android users. Back in 2022, mobile security and data management firm Wandera found a similar piece of malware that could send SMS messages to premium services, among other things. And judging by the sophistication present in the GriftHorse entrada, they've probable been doing this for a long time.