Never look a gift horse in the mouth. But stay far away from “GriftHorse” scam apps. If you download one, you could end up paying for an expensive monthly SMS service you never knew you’d signed up for.
The latest malware scare is actually nothing new, which makes it even worse: GriftHorse malware was sitting right under our noses on Google Play’s shelves for over a year.
And GriftHorse isn’t a pest; it’s a demon horde, infecting an estimated 10 million devices to date via 200 perfectly harmless-looking apps.
The damage? Security experts fear it could already be in the hundreds of millions of dollars.
GriftHorse’s Sneaky MO
The GriftHorse scam preys on our compulsive need to download the latest apps.[1] It doesn’t help that the fraudsters give their bad programs innocent-sounding names like Instant Speech Translation, Photo Effect Pro, and ClipBuddy, or that there are over 200 of them.
If you take the bait and download a GriftHorse app, you’ll start seeing popup messages on your phone telling you you’ve won a free prize. You’ll see them up to five times an hour.
Annoying, right? That’s the idea. Victims may claim their prize just to make the popups go away.
Bad choice. Just like the most dangerous phishing scams, once you click on the rotten link, the GriftHorse malware sends you to a geo-specific webpage where you’ll be asked to submit your phone number to verify your identity — in your native language.
If you make the mistake of handing over your number, the crooks will sign you up for a premium SMS service that runs about $35 per month. Depending on how vigilant you are with your online payments, it may take months to notice the scam charges.
Sneaky? Even more than you thought.
A Supercharged Trojan
GriftHorse hackers took special care to make their attacks extra effective. Considering that they targeted over 70 countries and managed to filch so much money, that sneakiness was the key to their “success.”
First, the scammers didn’t serve victims messages in their primary language out of thoughtfulness. Victims trust personalized messages more, especially messages without typos or grammatical errors, which the GriftHorse grifters made sure to deliver.
The app bandits also took care to mix up their webpage redirects. In other words, it wasn’t one URL that victims were led back to; it was a bunch. Having a variety of “URL lairs” — not just a single hideout — is partly what let the hackers evade detection for over a year.
Safe for Now
Google has pulled the infected apps,[2] which were first discovered by Switzerland-based mobile security outfit Zimperium, off its shelves. But be careful: you may still run across them on third-party app stores.
What else can you do to protect yourself from GriftHorse scam apps (and any other bad apps you might run across)? Unfortunately, being selective in the apps you download isn’t always enough. After all, if crooks can fool Google, chances are, they can fool you, too.
If you really want to limit your chances of falling victim to malware, you can, and should, review and overhaul your digital hygiene regularly. Here’s a basic checklist to get started.
- Do you have a VPN installed on all your devices, both mobile and desktop? The best VPNs will filter out bad websites for you so that you won’t ever land on a page where you’re at risk of accidentally handing sensitive details over to bad actors.
- Do you get bank transaction notifications on your phone, or do you subscribe to an identity theft protection service? Either one will put the kibosh on any sneaky fees.
- Do you install the latest updates on your devices as they roll in? Whether you’re a Windows, Android, or Apple user, updating regularly does more than give you the latest features; it protects your privacy and keeps your devices safe against malware like GriftHorse.
Finally, while this may sound like common sense, the single best protection against scam apps is to never ever claim a free prize on your mobile phone. Reputable companies simply don’t spam you with special offers. If an app does start carpet bombing you with deals that are too good to be true, that’s a sure sign that you should delete it immediately.