Hundreds of scam apps caused a surprise $42 monthly charge to land on millions of Android users' wireless bills

  • Millions of Android users were plagued by scam apps that placed charges on their wireless bills.
  • Users were tricked by a fake prize into providing their phone numbers, Zimperium reported.
  • Google says that all of the apps identified by Zimperium have been removed from the Play Store.

A massive scamming campaign recently plagued the Google Play Store, affecting millions of Android users.

The scam ran through more than 200 apps that attackers operated to take money from the people who downloaded them, security firm Zimperium reported.

Zimperium, a member of the Google App Defense Alliance, which scans applications before they are published in the Google Play Store, estimates that 10 million Android users globally were affected by this scam.

The applications posed as seemingly normal downloads, hiding under facades like "Photo Effect Pro," "Daily Horoscope & Life Palmestry," and "Free Coupons 2021." The apps would notify downloaders that they won a prize and would redirect them to enter their phone number on a specific webpage.

However, by entering their information, users were actually submitting their phone number to an SMS service that would start charging their phone bill about $42 per month.

"Forensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020," Zimperium stated in their findings. "These malicious applications were initially distributed through both Google Play and third-party application stores."

Scams like GriftHorse take advantage of small screens, local trust, and misinformation to trick users into falling for them and downloading the apps, Zimperium explained. They also prey on users' "frustration or curiosity" when those users try to accept the fake prize. According to Zimperium, the "level of sophistication, use of novel techniques, and determination" of the threat actors had allowed them to remain undetected.

Google says that all of the apps identified by Zimperium have been removed and the developers of the apps have been banned, but the scam will have lasting effects, WIRED reported. Android users who have not stopped the charges have faced unwanted additions to their wireless bill of over $230.

To prevent scams, the Federal Communications Commission recommends that consumers "think twice" before clicking any links and report any unusual activity. If you sent money to a scammer, the Federal Trade Commission recommends that you report the payment right away to reverse the transaction before filing a report with the FTC, which can build a case against the scammers.

Read the original article on Business Insider

