Over 10M Android Phones Infected With GriftHorse Malware

200+ apps across 18 different app categories quietly signed victims up to premium SMS services.

September 29, 2021

A new and successful piece of Android malware has infected over 10 million devices in more than 70 countries.

As The Record reports, the malware is called GriftHorse and was discovered by researchers at mobile security company Zimperium. So many infected devices flew under the radar until now because of the method of distribution, which relies on "benign-looking apps" available to download through the Google Play store. It also helped that no anti-virus vendors detected the malware the apps contained.

Once installed, these apps show the user pop-ups and notifications for special offers and prizes. If any of them are tapped, the user is asked to enter their phone number to get the offer or prize. In doing so, they are unknowingly signed up for a premium SMS service charging $35 or more each month. Of course, that money is directed into the hands of the gang behind GriftHorse.

With over 10 million infected devices, it's estimated the gang is generating income of between $1.5 million and $4 million every month. According to Zimperium researchers Aazim Yaswant and Nipun Gupta, the success of GriftHorse is due to the "malware's code quality, using a wide spectrum of websites (194 domains), malicious apps, and developer personas to infect users and avoid detection for as much as possible."

The scale of the infected app ecosystem is also impressive and spans over 200 apps spread across 18 different categories including tools, puzzle, communication, dating, lifestyle, finance, racing, entertainment, music and audio, health and fitness, productivity, simulation, food and drink, sports, education, board, action, and personalization.

Thankfully, these apps were removed after Zimperium contacted Google regarding the malware, but GriftHorse has been operating since at least November 2020, raising questions as to how thorough app reviews really are on the Play Store.


About Matthew Humphries

Senior Editor

I started working at PCMag in November 2016, covering all areas of technology and video game news. Before that I spent nearly 15 years working at Geek.com as a writer and editor. I also spent the first six years after leaving university as a professional game designer working with Disney, Games Workshop, 20th Century Fox, and Vivendi.
