Grifthorse Android Trojan Has Infected Over 10 Million Devices

It has been active since November 2020

Over 10 million Android users have had their smart devices infected by a new malware called Grifthorse, which bombards them with various prize notifications.

According to a security report from Zimperium zLabs, the trojan malware can be found in over 200 malicious apps approved to appear on the Google Play Store. It also was found in third-party app stores. At this point, Zimperium says that the trojan has managed to steal tens of millions of dollars from its victims.

Security breach on phone screen

NicoElNino / Gettys

The way that Grifthorse works is by bombarding users with a ton of notifications about prizes and special discounts. They are then sent to a web page, where they are asked to sign up with their phone number to confirm entry.

Instead of being entered into any discounts or giveaways, the user’s phone number is often entered into various SMS subscription services, some of which can cost up to $35 a month. 

Zimperium has put together a list of the applications infected with Grifthorse on its website. The company also says that Android users in over 70 countries have been affected by the trojan, including the United States, Russia, China, India, Brazil, and more. 

Grifhorse messages and website to scam phone number

Zimperium zLabs

Grifthorse was most active from November 2020 to April 2021 before it was discovered, and Google already has removed the malicious applications from the Play Store. However, infected applications are still available on some unsecured third-party stores.

To avoid downloading infected apps, Zimperium recommends not sideloading applications on your Android device if you are unsure of the app’s security and origin.

Was this page helpful?