Dozens of popular Android apps are virus-infected

Google is slipping from one malware glitch to the next. This time it’s a large-scale Trojan campaign that allowed scammers to steal millions of euros from users.

Der Google Play Store hat seit langem ein Problem mit betrügerischen Apps, die versuchen, an das Geld oder die Daten der Nutzer zu kommen. atechbook warnt immer wieder vor Malware, die sich oft hinter harmlos aussehenden Spielen oder Tool-Apps verbirgt. Nun hat das Sicherheitsunternehmen “Cimperium” auf seinem Blog eine neue Liste mit 136 Viren-Apps veröffentlicht. Diese sollten den sogenannten “GriftHorse”-Trojaner auf Android-Smartphones einschleusen.

Virus infected apps directly from Play Store

Among the apps are harmless and authentic sounding titles like “Geospot: GPS Location Tracker”, “Racers Car Driver “Photo Lab” and “Free Coupons 2021.” In total, they have been downloaded by more than 10 million users since November 2020. After installing one of these apps, users get several notifications per hour. According to them, they should confirm their phone number to win a prize. However, instead, the hackers register the number for an SMS service for which 30-40 euros are charged monthly through the phone bill.

The phone number is entered via a browser in the app itself. This is a common practice that hackers can use to hide the true intent of the app. This is because they don’t have to hide malicious code in the app itself, but only establish a connection to their own servers. Charging amounts via SMS services is also a well-known scam.

Large-scale campaign with virus apps

“Cimperium” zufolge ist es jedoch die schiere Größe dieser Malware-Kampagne mit “GriftHorse”, die dazu geführt hat, dass Googles Sicherheitsvorkehrungen sie nicht entdeckt haben. Die Hacker haben Nutzer in mehr als 70 Ländern ins Visier genommen und die App-Inhalte in der jeweiligen Sprache angezeigt. Zusammen mit relativ wenig Grammatik- und Rechtschreibfehlern in den Texten konnten sie viele Nutzer täuschen. “Cimperium”, Teil von Googles “App Defence Alliance” hat die “GriftHorse”-Kampagne entdeckt. Google hat mittlerweile alle betroffenen Apps aus dem Play Store gelöscht und die Entwickleraccounts gesperrt. Trotzdem kursieren die Apps noch in einigen Drittanbieter-App-Stores. Hier ist die komplette Liste aller betroffenen Titel:

Handy Translator Pro
Heart Rate and Pulse Tracker
Geospot: GPS Location Tracker
iCare – Find Location
My Chat Translator
Bus – Metrolis 2021
Free Translator Photo
Locker Tool
Fingerprint Changer
Call Recoder Pro
Instant Speech Translation
Racers Car Driver
Slime Simulator
Keyboard Themes
What’s Me Sticker
Amazing Video Editor
Safe Lock
Heart Rhythm
Smart Spot Locator
CutCut Pro
OFFRoaders – Survive
Phone Finder by Clapping
Bus Driving Simulator
Fingerprint Defender
Lifeel – scan and test
Launcher iOS 15
Idle Gun Tycoou202anu202c
Scanner App Scan Docs & Notes
Chat Translator All Messengers
Hunt Contact
Horoscope : Fortune
Fitness Point
Qibla AR Pro
Heart Rate and Meal Tracker
Mine Easy Translator
PhoneControl Block Spam Calls
Parallax paper 3D
SnapLens – Photo Translator
Qibla Pass Direction
Photo Effect Pro
iConnected Tracker
Smart Call Recorder
Daily Horoscope & Life Palmestry
Qibla Compass (Kaaba Locator)
Prookie Cartoon Photo Editor
Qibla Ultimate
Truck – RoudDrive Offroad
GPS Phone Tracker – Family Locator
Call Recorder iCall
PikCho Editor app
Street Cars: pro Racing
Cinema Hall: Free HD Movies
Live Wallpaper & Background
Intelligent Translator Pro
Face Analyzer
*TrueCaller & TrueRecoder
*This fake app is not to be confused by the legitimate Truecaller, by True Software Scandinavia AB
iTranslator_ Text & Voice & Photo
Pulse App – Heart Rate Monitor
Video & Photo Recovery Manager 2
Быстрые кредиты 247
Fitness Trainer
Vector arts
Ludo Speak v2.0
Battery Live Wallpaper 4K
Heart Rate Pro Health Monitor
Locatoria – Find Location
Photo Lab
AR Phone Booster – Battery Saver
English Arabic Translator direct
VPN Zone – Fast & Easy Proxy
100% Projector for Mobile Phone
Forza H Mobile 4 Ultimate Edition
Amazing Sticky Slime Simulator ASMRu200f
Clap To Find My Phone
Screen Mirroring TV Cast
Free Calls WorldWide
My Locator Plus
iSalam Qibla Compass
Language Translator-Easy&Fast
WiFi Unlock Password Pro X
Pony Video Chat Live Stream
Zodiac : Hand
Ludo Game Classic
Loca – Find Location
Easy TV Show
Qibla correct Quran Coran Koran
Dating App – Sweet Meet
R Circle – Location Finder
Ela-Salaty: Muslim Prayer Times & Qibla Direction
Qibla Compass
Soul Scanner – Check Your
CIAO – Live Video Chat
Plant Camera Identifier
Color Call Changer
Squishy and Pop it
Keyboard: Virtual Projector App
Scanner Pro App: PDF Document
QR Reader Pro
FX Keyboard
You Frame
Call Record Pro
Free Islamic Stickers 2021
QR Code Reader – Barcode Scanner
Bag X-Ray 100% Scanner
Phone Caller Screen 2021
Translate It – Online App
Mobile Things Finder
Proof Caller
Phone Search by Clap
Second Translate PRO
3D Camera To Plan
Qibla Finder – Qibla Direction
Stickers Maker for WhatsApp
Qibla direction watch (compass)
Piano Bot Easy Lessons
CallHelp: Second Phone Number
FastPulse – Heart Rate Monitor
Caller ID & Spam Blocker
Free Coupons 2021
KFC Saudi – Get free delivery and 50% off coupons
HOO Live – Meet and Chat
Easy Bass Booster
Coupons & Gifts: InstaShop
Launcher iOS for Android
Call Blocker-Spam Call Blocker
Live Mobile Number Tracker

Nevertheless, the security researchers state that the danger is not over even after deleting the affected apps. Due to the high number of apps and users who installed them, the hackers probably got away with millions. They can use that to find ever more sophisticated ways to smuggle malware past security measures.