A new Android malware campaign is using corrupted apps to secretly subscribe up to 10 million unprotected victims to paid SMS subscriptions for up to $35 per month, security firm Zimperium reported in a blog post today (September 29) In a blog post today (Sept. 29), security firm Zimperium reported.

There are over 200 of these infected apps, most of which consist of utility and entertainment apps, and they have been confirmed to be affected in 70 countries worldwide, including the US, the rest of North America, and most of Europe.

Dozens of infected apps were discovered in the official Google Play store and kicked out after Zimperium notified Google of their existence, but many more are still being found in third-party app stores.

"These malicious Android applications appear harmless when looking at the store's description and requested permissions, but this false sense of trust is transformed when users are charged monthly for premium services they unknowingly subscribed to without consent."

stated researcher Aazim Yaswant in a Zimperium report.

Zimperium calls this malware campaign "GriftHorse" and states that it has been running since November 2020.

To protect yourself from GriftHorse and similar Android malware campaigns, be sure to install apps only from the official Google Play store. the latest versions of Android have an "unknown app installations," meaning that they do not allow "app installations.

We also recommend installing and using one of the best Android antivirus apps. At the time of this writing, few of the apps infected with GriftHorse have been identified as malicious by most malware detection engines, but this is likely to change as Zimperium's report is read.

If you are a victim of such a scam, contact your wireless carrier and explain that you did not willingly sign up for this premium SMS subscription and that you want it cancelled. You may or may not get your money back.

The malicious component of the infected app reads the IP address of the victim's phone and pops up an alert tailored to the victim's geographic location. If the victim is in Greece, the alert will appear in Greek; if the victim is in the UK, the alert will appear in English.

The alert usually tells them that they have won a prize and should claim it ASAP. If you do not reply immediately, the alert will continue to appear until you do. You will then be taken to a website adapted to your language and asked to enter your phone number.

Don't do this. Entering your phone number will result in being secretly registered for a premium SMS service that charges you 30 euros (about US$35 or £26) per month; Zimperium estimates that each registered victim has lost as much as US$230 since the scam service began.

"Victims are not immediately aware of the effects of the theft, which will likely last for months before being discovered, and there is little recourse to recover their money.

GriftHorse operators have managed to avoid the attention of most security researchers and antivirus companies by constantly switching their website to new domains and using IP address filters to localize their website and warnings to the countries of potential victims.

The company has also been able to avoid the attention of most security researchers and antivirus companies.