Android users: Nearly 10 million of you have downloaded apps that steal money – here’s what to know
These apps were secretly signing up people for subscriptions.
If you’re on Android and have noticed your bank account being slightly lighter than expected, it’s possible that you are one of the nearly 10 million users that have (or had) malware-infested apps on your phone.
As reported by Tom’s Guide and from security firm Zimperium, there are over 200 of these “infected apps” out there, with dozens of them being found on the official Google Play Store. The rest are found on third-party marketplaces.
Thankfully, Zimperium notified Google of the offending apps on the Play Store and those are reportedly gone at this point.
These apps all seem legit when downloading them, but they contain malware – called GriftHorse – that automatically signs up users for monthly subscriptions.
Aazim Yaswant, a researcher for Zimperium, notes:
“The campaign has targeted millions of users from over 70 countries by serving selective malicious pages to users based on the geo-location of their IP address with the local language. This social engineering trick is exceptionally successful, considering users might feel more comfortable sharing information to a website in their local language.“
It might also be beneficial to not allow your Android device to download apps from unknown sources. For many Android users, you can do this by going to Settings > Lock screen and security > Unknown Sources.
- Google just brought a bunch more Pixel features to other Android phones
- Watch the Samsung Galaxy Z Fold 3 get dropped on concrete and dunked in a pool
- A new report says that iPhone growth will crush Android through 2021
- The Microsoft Surface Duo 2 foldable fixes many of the mistakes from the first model