An Android Trojan called “GriftHorse,” which relies on tricking victims into giving up their phone numbers to subscribe to premium SMS services has affected more than 10 million victims in 70 different countries.
According to Zimperium zLabs researchers, the Trojan has been in operation since November 2020, and they further explained that the malware is embedded in 200 malicious applications, many of which bypass the protection of the Google Play Store since the malware operators use variable URLs instead of hardcoded addresses to avoid being discovered.
According to the zLabs team, “This method allowed the attackers to target different countries in different ways. This check on the server-side evades dynamic analysis checking for network communication and behaviors.”
Although the malware has since been reported to Google, which removed the malicious apps from its platform, it is still available on other third-party platforms.
For more information, read the original story in ZDNet.