According to the researchers, the group is running the campaign for roughly five months, from November 2020 and April 2021.

GriftHorse Malware Campaign has Targeted Users from 70 Countries

The users were getting infected with the malware by using the 200 trojan Android apps that are officially available on Play Store and on other third-party app stores. However, Google has removed those apps after it was notified, but the apps are still available on third-party stores. The researchers say the GriftHorse malware group might steal millions of payments every month from victims worldwide. The malware tricks the users to click on fishy links to redirect the money to their accounts. Zimperium research says these Android apps are harmless at first, but then it tricks the users to subscribe to the premium services without knowing that the trojan group is stealing money from the users.

— ZIMPERIUM (@ZIMPERIUM) September 29, 2021 In a blog post, the company says that these malicious apps are a threat to Android devices as it charges the premium amount around EUR 36 (Rs. 3100 per month). The campaign has targeted millions of users by serving malicious pages to the users based on the location of the IP address. As they distribute in the local languages, most of the users have been attacked. It is claimed that the GriftHorse campaign is the most widespread campaign witnessed in 2021. The malware sends popups and notifications that promise to give prizes and special offers. If you click on such pop-ups, the user will be redirected to the online page where it ask to confirm their phone number to get the offer. Here are some of the popular apps that are infected with GriftHorse malware:

Handy Translator Pro Heart Rate Pulse Tracker Geospot: GPS Location Tracker iCare – Find Location My Chat Translator

Even the Indian users are also affected, so be aware. Zimperium contacted Google about the apps that are infected with GriftHorse. Zimperium is a member of the App Defence Alliance.