[ad_1]
Most smartphone users are aware of the risks involved in downloading or clicking on something whose origins are not entirely clear. But the latest scam, which has been brewing since the end of 2020, risks fooling even the most tech-savvy among us. Hackers target the world’s 2.5 billion Android users and have already successfully scammed millions of them out of hundreds of dollars on their phone bills by making them click on a flirty and seemingly innocuous message . Read on to find out what to avoid saying “yes” to to make sure you don’t fall victim to this new scam.
RELATED: Android Users Are Targeted In This New SMS Scam.
Hackers recently launched a major scam campaign using the Google Play Store, mobile security company Zimperium reported on September 29. According to the company, crooks seeking to steal from Android users have created more than 200 seemingly harmless apps and made them available on the Play Store. Once these scam apps were downloaded, a message would appear on the app to inform the user that they had won a prize, prompting them to enter their phone number to claim it. But the attackers were instead asking Android users to submit their phone number to an SMS service that billed their phone bill around $ 42 per month.
“The forensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020,” Zimperium said. As a result, some of the first attacked users may have already been billed over $ 400 by this point, if they haven’t already realized the issue and contacted their SIM carrier to remove the fraudulent service.
According to Zimperium, it is estimated that the scam has already affected around 10 million Android users worldwide. “The campaign is exceptionally versatile, targeting mobile users in over 70 countries by changing the app language and displaying content based on the current user’s IP address,” Zimperium explained.
The security company said GriftHorse has likely already been able to generate hundreds of millions of stolen money from victims so far. “The cumulative loss of victims is of huge benefit to the cybercriminal group,” the company confirmed.
RELATED: And for more security tips and tricks sent straight to your inbox, sign up for our daily newsletter.
Zimperium has listed a number of apps used by attackers, which were able to target users through seemingly normal and harmless apps under names like “Amazing Video Editor”, “Scanner App Scan Docs & Notes” and “Daily Horoscope” & Life Palmestry. “
Google said Wired that all applications identified by Zimperium have been removed from the Play Store and that these application developers have subsequently been banned. “It’s really a carpet bombing effect when it comes to the amount of applications. One may be successful, another may not, and that’s great.” Richard Melick, Zimperium’s Director of Endpoint Security Product Strategy, said Wired.
Unfortunately, according to Zimperium, these apps are still available through third-party app stores, which means Android users can still easily download them to their devices. The researchers said Wired that Google removing apps from the Play Store certainly helped slow the GiftHorse campaign, but it is unlikely to have gone away altogether.
“These attackers are organized and professional. They started this as a business, and they’re not just going to move on,” Shridhar mittal, CEO of Zimperium, said Wired. “I’m sure it wasn’t a unique thing.
RELATED: If You Receive This Email From Amazon, Delete It Immediately.
[ad_2]
Source link