#Malware screen mirroring android#
The mobile applications pose a threat to all Android devices by functioning as a Trojan that subscribes unsuspecting users to paid services, charging a premium amounting to around 36 Euros per month. What can the GriftHorse Android Trojan do? Explore the global impact of the GriftHorse campaign.
Show the communication with the C&C server and.Discuss the architecture of the applications.Cover the capabilities of the GriftHorse Trojan.However, the malicious applications are still available on unsecured third-party app repositories, highlighting the risk of sideloading applications to mobile endpoints and user data and needing advanced on-device security.ĭisclosure: As a key member of the Google App Defense Alliance, Zimperium scans applications before publishing and provides an ongoing analysis of Android apps in the Google Play Store. Zimperium zLabs reported the findings to Google, who verified the provided information and removed the malicious applications from the Google Play store. These malicious applications were initially distributed through both Google Play and third-party application stores. The Zimperium zLabs researchers discovered this global premium services Trojan campaign through a rise in specific alerts from our z9 on-device malware detection engine, which detected and reported the true nature of these malicious Android applications.įorensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020. These malicious Android applications appear harmless when looking at the store description and requested permissions, but this false sense of confidence changes when users get charged month over month for the premium service they get subscribed to without their knowledge and consent. While typical premium service scams take advantage of phishing techniques, this specific global scam has hidden behind malicious Android applications acting as Trojans, allowing it to take advantage of user interactions for increased spread and infection. Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros. With the increase of mobile device use in everyday life, it is no surprise to see cybercriminals targeting these endpoints for financial crimes. Research and writeup by Aazim Yaswant and Nipun Gupta
0 kommentar(er)
