Mobile security firm Zimperium has discovered a malware strain, dubbed GriftHorse, that has been subscribing users to premium SMS services since at least November 2020 and has reportedly infected more than 10 million Android devices across more than 70 countries. Zimperium researchers Aazim Yashwant and Nipun Gupta detailed the findings in a joint blog post, describing GriftHorse as one of the most widespread campaigns they have tracked this year and estimating that it would have helped the gang mint hundreds of millions of Euros. The researchers also pointed out that the malware is distributed through benign-looking apps listed on the official Google Play Store as well as on third-party Android app stores. After installation, the malware inundates users with fraudulent pop-ups and notifications offering fake prizes and special offers.
If a user taps on one of these notifications, they are asked to enter their phone number to claim their winnings, inadvertently subscribing to expensive premium SMS services in the process. What makes the GriftHorse campaign really effective, though, is the amount of work its developers have invested in polishing the malware's code quality. The researchers said that the threat actors behind the malware made a conscious effort to distribute it across a well-thought-out spread of apps. They said, "The level of sophistication, use of novel techniques, and determination displayed by the threat actors allowed them to stay undetected for several months". Zimperium brought the campaign to Google's notice and the infected apps have since been removed from the Play Store. Separately, cybersecurity researchers have demonstrated possible security issues in Visa and Apple payment mechanisms that could be used to make fraudulent contactless mobile payments.
The researchers, from the University of Birmingham and the University of Surrey, used a locked iPhone to make a payment via NFC by exploiting an Apple Pay feature called Express Transit, which is designed to work with Visa so that commuters can pay quickly at ticket barriers. They successfully tricked an iPhone into making a Visa payment without unlocking the phone or explicitly authorizing the payment. Apple said the matter was an issue with Visa's payment system. Visa countered the research, saying that its payments were secure and that this type of attack could not be replicated outside of the lab in the real world. The attack involves a small, commercially available piece of radio equipment placed near the iPhone to trick it into believing it is communicating with a ticket barrier, while an Android phone running a custom app developed by the researchers relays the signals from the iPhone to any contactless payment terminal.