According to a security report from Zimperium zLabs, the trojan malware can be found in over 200 malicious apps approved to appear on the Google Play Store. It also was found in third-party app stores. At this point, Zimperium says that the trojan has managed to steal tens of millions of dollars from its victims. The way that Grifthorse works is by bombarding users with a ton of notifications about prizes and special discounts. They are then sent to a web page, where they are asked to sign up with their phone number to confirm entry. Instead of being entered into any discounts or giveaways, the user’s phone number is often entered into various SMS subscription services, some of which can cost up to $35 a month. Zimperium has put together a list of the applications infected with Grifthorse on its website. The company also says that Android users in over 70 countries have been affected by the trojan, including the United States, Russia, China, India, Brazil, and more. Grifthorse was most active from November 2020 to April 2021 before it was discovered, and Google already has removed the malicious applications from the Play Store. However, infected applications are still available on some unsecured third-party stores. To avoid downloading infected apps, Zimperium recommends not sideloading applications on your Android device if you are unsure of the app’s security and origin.
