Android users: Nearly 10 million of you have downloaded apps that steal money – here’s what to know

These apps were secretly signing up people for subscriptions.

If you’re on Android and have noticed your bank account being slightly lighter than expected, it’s possible that you are one of the nearly 10 million users who have (or had) malware-infested apps on their phones.

According to Tom’s Guide and security firm Zimperium, there are over 200 of these “infected apps” out there, with dozens of them found on the official Google Play Store. The rest are found on third-party marketplaces.

Thankfully, Zimperium notified Google of the offending apps on the Play Store and those are reportedly gone at this point.

These apps all seem legit when downloading them, but they contain malware – called GriftHorse – that automatically signs up users for monthly subscriptions.

Aazim Yaswant, a researcher for Zimperium, notes:

The campaign has targeted millions of users from over 70 countries by serving selective malicious pages to users based on the geo-location of their IP address with the local language. This social engineering trick is exceptionally successful, considering users might feel more comfortable sharing information to a website in their local language.

If you are worried you downloaded one of these apps (you can find the full list here), make sure to delete the app. If you downloaded it from the Google Play Store it should now be removed.

It might also be beneficial to block your Android device from installing apps from unknown sources. On many Android devices, you can do this by going to Settings > Lock screen and security > Unknown Sources.
