Millions of Android users were hit in a well-orchestrated premium text scam. (Photo Illustration by Avishek Das/SOPA Images/LightRocket via Getty Images)
As many as 200 rogue Android apps made it onto the Google Play store, stealing people’s money by subscribing them to premium services without their consent, cybersecurity experts warned on Wednesday.
Researchers at cybersecurity company Zimperium claimed that around 10 million Android phones were likely infected, scoring the crooks millions in proceeds before Google threw them off Play. The cybercriminals behind the campaign, labelled GriftHorse by Zimperium in a report published on Wednesday, started building their apps in November 2020.
The hackers had put significant effort into guaranteeing success. To ensnare their victims, the apps would bombard the user with popups, saying the victim had won a prize and needed to claim it immediately. They were persistent too, with the popups reappearing five times per hour until the offer was accepted. If accepted, the user would then be taken to a webpage, the language of which would change depending on the geolocation of the app user’s IP address. The webpage would ask them for their phone number in order to claim the prize, but rather than winning anything, the target would be signed up to a premium SMS service, costing them $40 per month.
The scam apps came in many guises. They included a fake Forza…