+

Cookies on the Business Insider India website

Business Insider India has updated its Privacy and Cookie policy. We use cookies to ensure that we give you the better experience on our website. If you continue without changing your settings, we\'ll assume that you are happy to receive all cookies on the Business Insider India website. However, you can change your cookie setting at any time by clicking on our Cookie Policy at any time. You can also see our Privacy Policy.

Close
HomeQuizzoneWhatsappShare Flash Reads
 

Hundreds of scam apps caused a surprise $42 monthly charge to land on millions of Android users' wireless bills

Oct 1, 2021, 04:00 IST
Business Insider
Nicolas Economou/NurPhoto/Getty Images
  • Millions of Android users were plagued by scam apps that placed charges on their wireless bills.
  • Users were tricked by a fake prize into providing their phone numbers, Zimperium reported.
  • Google says that all of the apps identified by Zimperium have been removed from the Play Store.
Advertisement

A massive scamming campaign recently plagued the Google Play Store, affecting millions of Android users.

The scam took place via more than 200 apps run by attackers to scam money from its downloaders, security firm Zimperium reported.

Zimperium, a member of the Google App Defense Alliance which scans applications before publishing in the Google Play Store, estimates that 10 million Android users globally were affected by this scam.

The applications posed as seemingly normal downloads, hiding under facades like "Photo Effect Pro," "Daily Horoscope & Life Palmestry," and "Free Coupons 2021." The apps would notify downloaders that they won a prize and would redirect them to enter their phone number on a specific webpage.

However, by entering their information, users were actually submitting their phone number to an SMS service that would start charging their phone bill about $42 per month.

Advertisement

"Forensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020," Zimperium stated in their findings. "These malicious applications were initially distributed through both Google Play and third-party application stores."

Scams like GriftHorse take advantage of small screens, local trust, and misinformation to trick users into falling for their scams and downloading their apps, Zimperium explained. They also prey on "frustration or curiosity" when they try to accept their fake prize. According to Zimperium, the "level of sophistication, use of novel techniques, and determination" of the threat actors had allowed them to remain undetected.

Google says that all of the apps identified by Zimperium have been removed and the developers of the apps have been banned, but the scam will have lasting effects, WIRED reported. Android users who have not stopped the charges have faced unwanted additions to their wireless bill of over $230.

To prevent scams, the Federal Communications Commission recommends consumers "think twice" before clicking any links and to report any unusual activity. If you sent money to a scammer, the Federal Trade Commission recommends your report the payment right away to reverse the transaction before filing a report with the FTC who can build a case against the scammers.

You are subscribed to notifications!
Looks like you've blocked notifications!
Next Article