Saturday, February 4, 2023
m4links
    Users of Android phones are infected with this dangerous new malware. The campaign has targeted millions of users from over 70 countries

    The use of mobile devices has been on the rise recently and it is no surprise to see cybercriminals targeting these endpoints for financial crimes.

    Security researchers have shared details about a malware strain that has reportedly infected millions of Android devices across more than 70 countries. 

    Discovered by mobile security firm Zimperium, the GriftHorse malware subscribes users of Android phones to premium SMS services and has been doing so since at least November 2020.

    According to Zimperium researchers Aazim Yaswant and Nipun Gupta, GriftHorse is one of the “most widespread campaigns” they’ve tracked this year.

    The malware and means of distribution

    Forensic evidence from Zimperium zLabs indicates that the threat group behind this active Android Trojan attack, which is named GriftHorse, has been running the campaign since November 2020. These malicious applications were initially distributed through both Google Play and third-party application stores.

    Zimperium zLabs reported the findings to Google, who verified the provided information and removed the malicious applications from the Google Play store. However, the malicious applications are still available on unsecured third-party app repositories, highlighting the risk that sideloading applications poses to mobile endpoints and user data, and the need for advanced on-device security.

    What can the GriftHorse Android Trojan do?

    The mobile applications pose a threat to all Android phones by functioning as a Trojan that subscribes unsuspecting users to paid services, charging a premium amounting to around 36 Euros per month.

    The campaign has targeted millions of users from over 70 countries by serving selective malicious pages in the local language, chosen by the geo-location of the user’s IP address. This social engineering trick is exceptionally successful, considering users might feel more comfortable sharing information with a website in their local language.

    Upon infection, the victim is bombarded with on-screen alerts telling them they have won a prize and need to claim it immediately.

    These pop-ups reappear no less than five times per hour until the application user successfully accepts the offer.

    Upon accepting the invitation for the prize, the malware redirects the victim to a geo-specific webpage where they are asked to submit their phone numbers for verification.

    In reality, they are submitting their phone number to a premium SMS service that starts charging their phone bill over €30 per month.

    The victim does not immediately notice the impact of the theft, and the likelihood of it continuing for months before detection is high, with no means to get one’s money back.

    How does the GriftHorse Android Trojan work on Android phones?

    The Trojans are developed using the mobile application development framework named Apache Cordova. Cordova allows developers to use standard web technologies – HTML5, CSS3, and JavaScript – for cross-platform mobile development.

    This technology enables developers to deploy updates to apps without requiring the user to update manually.
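As an added example (not from Zimperium's report or the original article), the Python below reviews a decoded Cordova `config.xml` for the settings that let an app load its interface from a server, which is what makes changing an app without a store update possible. The two sample configs, the function names and the `example.invalid` hosts are constructed for illustration and do not reflect GriftHorse's actual configuration; it assumes the file has already been decoded from the APK (for instance with apktool), where it typically sits at `res/xml/config.xml`.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

# Constructed sample: a Cordova config whose start page lives on a server.
REMOTE_UI_CONFIG = """<widget id="com.example.constructed.remote" version="1.0.0"
        xmlns="http://www.w3.org/ns/widgets">
    <name>Constructed Remote Sample</name>
    <content src="https://app.example.invalid/start.html" />
    <access origin="*" />
    <allow-navigation href="*" />
</widget>"""

# Constructed sample: a Cordova config that ships its UI inside the APK.
BUNDLED_UI_CONFIG = """<widget id="com.example.constructed.local" version="1.0.0"
        xmlns="http://www.w3.org/ns/widgets">
    <name>Constructed Local Sample</name>
    <content src="index.html" />
    <access origin="https://api.example.invalid" />
    <allow-navigation href="https://api.example.invalid/*" />
</widget>"""

# Allow-list values that match every origin.
WILDCARDS = {"*", "http://*", "https://*", "http://*/*", "https://*/*"}


def local_name(tag):
    """Strip the XML namespace: '{ns}content' -> 'content'."""
    return tag.rsplit("}", 1)[-1]


def is_remote(url):
    """True when the value is an http(s) URL rather than a bundled file."""
    return urlparse(url.strip()).scheme.lower() in ("http", "https")


def review_cordova_config(xml_text):
    """Return findings as (severity, element, value, reason) tuples."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = local_name(el.tag)
        if name == "content":
            src = el.get("src", "")
            if is_remote(src):
                findings.append((
                    "high", name, src,
                    "start page is fetched from a server, so the app's "
                    "behaviour can change without a new APK being reviewed",
                ))
        elif name == "access":
            origin = el.get("origin", "").strip()
            if origin in WILDCARDS:
                findings.append((
                    "medium", name, origin,
                    "network requests are allowed to any origin",
                ))
        elif name == "allow-navigation":
            href = el.get("href", "").strip()
            if href in WILDCARDS:
                findings.append((
                    "medium", name, href,
                    "the WebView itself may navigate to any origin",
                ))
    return findings


def loads_remote_ui(xml_text):
    """True when the app's start page is served remotely."""
    return any(f[0] == "high" for f in review_cordova_config(xml_text))


if __name__ == "__main__":
    for label, cfg in (("remote", REMOTE_UI_CONFIG), ("bundled", BUNDLED_UI_CONFIG)):
        print(f"[{label}] remote UI: {loads_remote_ui(cfg)}")
        for severity, element, value, reason in review_cordova_config(cfg):
            print(f"  {severity:<6} <{element}> {value!r}: {reason}")
```

A remote start page is not malicious on its own; it marks apps whose reviewed APK says little about what users will eventually see, so they deserve dynamic analysis.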

    When installed on Android phones, the malware will flood the users with fraudulent pop-ups and notifications showing fake prizes and special offers.

    The configuration for pushing the notifications is received in the response, and the notifications are displayed five times every hour on Android phones. The aim of this repetitive pushing is to grab the user’s attention and get them to navigate to the application.

    If a user clicks on the notification, they’ll be asked to enter their phone numbers to claim their winnings, not knowing they are subscribing to expensive premium SMS services.

    What makes the GriftHorse campaign really effective though is the amount of work its developers have invested in polishing the malware’s code quality.

    To further its reach, the researchers point out, the threat actors behind the malware have made a conscious effort to distribute it across a well-thought-out spread of apps.

    “The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months,” note the researchers.

    Zimperium brought the campaign to Google’s notice, and the infected apps have since been zapped from the Play Store.

    The strategy used in performing the acts

    According to Zimperium zLabs, the GriftHorse campaign is one of the most widespread campaigns the zLabs threat research team has witnessed in 2021, and its success is attributable to a combination of features:

    • Completely undetected and unreported by any other AV vendors;
    • More than 200 Trojan applications were used in the campaign;
    • Sophisticated architecture preventing the investigation of the extent of this campaign;
    • No-Reuse policy to avoid the blocklisting of strings.
    Infected victim.

    The numerical stats reveal that more than 10 million Android phones fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and more motivated with time. And while the victims struggle to get their money back, the cybercriminals made off with millions of Euros through this technically novel and effective Trojan campaign.

    Indicators of Compromise

    List of Applications

    Total: Min 4,287,470, Max 17,345,450

    For further clarification, read more on Zimperium zLabs.


Users of Android phones are infected with this dangerous new malware 2021.

by Rick
in Android Guide
Users of Android phones are infected with this dangerous new malware. The campaign has targeted millions of users from over 70 countries
Android phones
Android phones

The use of mobile devices has been on the rise recently and it is no surprise to see cybercriminals targeting these endpoints for financial crimes.

Security researchers have shared details about a malware strain that has reportedly infected millions of Android devices across more than 70 countries. 

RelatedPosts

No Content Available
Load More

Discovered by mobile security firm Zimperium, the GriftHorse malware subscribes users specifically Android phones to premium SMS services and has been at it since at least November 2020.

According to Zimperium researchers Aazim Yaswant and Nipun Gupta, GriftHorse is one of the “most widespread campaigns” they’ve tracked this year.

The malware and means of distribution

Forensic evidence of Zimperium zLabs indicates these active Android phones target Trojan attack, which is named GriftHorse, the threat group has been running this campaign since November 2020. These malicious applications were initially distributed through both  Google Play and third-party application stores.

Zimperium zLabs reported the findings to Google, who verified the provided information and removed the malicious applications from the Google Play store. However, the malicious applications are still available on unsecured third-party app repositories, highlighting the risk of sideloading applications to mobile endpoints and user data and needing advanced on-device security.

What can the GriftHorse Android Trojan do?

The mobile applications pose a threat to all Android phones by functioning as a Trojan that subscribes unsuspecting users to paid services, charging a premium amounting to around 36 Euros per month.

The campaign has targeted millions of users from over 70 countries by serving selective malicious pages, in the local language, to users based on the geo-location of their IP address. This social engineering trick is exceptionally successful, considering users might feel more comfortable sharing information with a website in their local language.

Upon infection, the victim is bombarded with on-screen alerts telling them they have won a prize and need to claim it immediately.

These pop-ups reappear no less than five times per hour until the application user successfully accepts the offer.

Upon accepting the invitation for the prize, the malware redirects the victim to a geo-specific webpage where they are asked to submit their phone numbers for verification.

But in reality, they are submitting their phone number to a premium SMS service that then starts charging over €30 per month to their phone bill.

The victim does not immediately notice the impact of the theft, and the likelihood of it continuing for months before detection is high, with no means to get one’s money back.

How does the GriftHorse Android Trojan work on Android phones?

The Trojans are developed using the mobile application development framework named Apache Cordova. Cordova allows developers to use standard web technologies – HTML5, CSS3, and JavaScript for cross-platform mobile development.

This technology enables developers to deploy updates to apps without requiring the user to update manually.

When installed on Android phones, the malware will flood the users with fraudulent pop-ups and notifications showing fake prizes and special offers.

The configuration for pushing the notifications is received in the response, and the notifications are displayed five times every hour on Android phones. The purpose of this repetitive notification pushing is to grab the user’s attention and get them to navigate to the application.

If a user clicks on the notification, they’ll be asked to enter their phone numbers to claim their winnings, not knowing they are subscribing to expensive premium SMS services.

What makes the GriftHorse campaign really effective though is the amount of work its developers have invested in polishing the malware’s code quality.

To further its reach, the researchers point out, the threat actors behind the malware have made a conscious effort to distribute it across a carefully chosen spread of apps.

“The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months,” note the researchers.

Zimperium brought the campaign to Google’s notice, and the infected apps have since been zapped from the Play Store.

The strategy used in performing the acts

According to Zimperium zLabs, the GriftHorse campaign is one of the most widespread campaigns the zLabs threat research team has witnessed in 2021, and its success is attributable to a combination of features:

  • Completely undetected and not reported by any other AV vendors;
  • More than 200 Trojan applications were used in the campaign;
  • Sophisticated architecture preventing the investigation of the extent of this campaign;
  • No-Reuse policy to avoid the blocklisting of strings.

Infected victims

The numerical stats reveal that more than 10 million Android phones fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and more motivated with time. And while the victims struggle to get their money back, the cybercriminals made off with millions of Euros through this technically novel and effective Trojan campaign.

Indicators of Compromise

List of Applications


For further details, read the Zimperium zLabs report.
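For defenders acting on the published application list and the sideloading risk described above, the following added example (not from Zimperium or the original article) audits the output of `adb shell pm list packages -i` for exact package-name matches and for apps that were not installed by a trusted store. The blocklist entries are placeholders standing in for the published package names; the sample output and the trusted-installer policy are constructed assumptions.

```python
import re

# Constructed sample of `adb shell pm list packages -i` output (not from a real device).
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome  installer=com.android.vending
package:com.example.notes  installer=null
package:com.example.ioc.translator  installer=com.android.vending
package:com.example.ioc.compass  installer=com.example.thirdparty.store
WARNING: constructed noise line
"""

# Placeholders standing in for the published GriftHorse package names (assumption).
IOC_PACKAGES = {"com.example.ioc.translator", "com.example.ioc.compass"}
# Policy assumption: only Google Play counts as a trusted installer.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)(?:\s+installer=(?P<inst>\S+))?\s*$")


def parse_pm_list(text):
    """Return ({package: installer or None}, [lines that did not parse])."""
    packages, skipped = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            skipped.append(line)  # keep unparsed lines visible instead of dropping them
            continue
        inst = m.group("inst")
        packages[m.group("pkg")] = None if inst in (None, "null") else inst
    return packages, skipped


def audit(text, iocs=IOC_PACKAGES, trusted=TRUSTED_INSTALLERS):
    """Flag exact IoC matches and packages not installed by a trusted store."""
    packages, skipped = parse_pm_list(text)
    ioc_hits = sorted(p for p in packages if p in iocs)
    sideloaded = sorted(p for p, inst in packages.items() if inst not in trusted)
    return {"ioc_hits": ioc_hits, "sideloaded": sideloaded, "skipped": skipped}


if __name__ == "__main__":
    for key, values in audit(SAMPLE_PM_OUTPUT).items():
        print(f"{key}: {values}")
```

On a real device, adding `-3` to the `pm list packages` command restricts the listing to third-party apps, so preinstalled packages with no recorded installer are not reported as sideloaded.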

© 2022 M4links Tech
