Aggressive Android GriftHorse Malware Affecting 10 Million Users from 70 Countries – How to Prevent Phone Malware

Stay extra cautious!

Don’t easily give your personal information!

Don’t click on suspicious links!

This would be a general list of advice to stay safe online. It also applies perfectly to the latest major GriftHorse malware scheme. This sneaky mobile malware campaign started in November 2020 and worked its way in via infected Android apps. Google Play Store only recently removed the suspicious apps, which seem to have affected around 10 million users from nearly 70 countries.

Let’s uncover the details of GriftHorse malware and find out how to stay away from these highly infectious digital tricks.

The Clever Social Engineering Scheme Behind GriftHorse Malware

GriftHorse malware targeted its victims through innocent-looking apps anyone can download from Google Play Store.

Upon installation, users were greeted with sweepstakes pop-ups and ‘special prize’ notifications. After clicking on these, users had to type in their phone numbers to become eligible for the prize. This is the key moment: users were unknowingly signing up for an SMS service that charged $35 (or more)/month. This money ended up, of course, in the GriftHorse gang’s pockets, with an estimated income of between $1.5 million and $4 million every month.

Here’s a look at the GriftHorse malware’s MO:

      • Android users accept the invitation for the prize.
      • GriftHorse malware makes a thorough selection and sends users location-targeted pages based on their IP address.
      • These redirect pages are translated into users’ local language, covering catchy sales phrases.
      • GriftHorse operators carefully generated the pages so that security solutions wouldn’t uncover the malware technique and the pages wouldn’t get blacklisted.

This is a typical SMS Trojan malware with an incredibly good disguise.

How to Recognize Mobile Malware

Like all types of malware, mobile (particularly Android) malware is deceptive, so knowing how to spot it is quite a useful skill these days. It’s not even that hard as long as you know what you’re dealing with.

Mobile malware typically takes one of these two approaches:

      • it tricks you into granting permissions to the attackers, so they can access your sensitive information;
      • it exploits vulnerabilities in your phone, getting access to sensitive information by gaining administrator rights.

Check out the typical signs that your phone has malware:

      • You see ads constantly.
      • You install an app, and soon, the icon disappears.
      • Your battery is draining much faster than usual.
      • You see apps you don’t recognize on your phone.

6 Common Types of Phone Malware

1. Mobile banking Trojan

A Trojan banking virus displays its own interface, perfectly mimicking the banking app’s or payment service’s interface; when the user enters credentials, the malware collects bank login and password details.

2. Ransomware

Attackers encrypt and “lock out” a user’s important files like documents, photos and videos. They ask users to pay a ransom (usually in some form of cryptocurrency) to get their files back.

3. Spyware

Malware operators get information about you through monitoring software that gains access to your device without your knowledge. Spyware can track and sell your personal information or grab your credit card details.

4. Adware

Attackers track your browser history and downloads to see what products or services you’re interested in; the adware then shows you ads for the same or related products, luring you to click or make a purchase.

5. MMS scams

Cybercriminals exploit text-based communication, such as sending a text message embedded with malware to any mobile number. Even if users didn’t open or acknowledge the text, the malware could still infiltrate the phone’s system, allowing attackers access to your mobile device.

6. SMS Trojan

Some collect fake clicks on ads; others promise to stop ads from interrupting your phone activity, or intercept text messages. Regardless of their form, the aim is either to get your financial information or to trick you into downloading a malicious app after paying a fee.

How to Keep Malware Away from Your Phone

Malware can be disorienting and messy. It doesn’t just get in the way of your typical phone habits and manner of use; it hunts for and grabs important data. Ideally, you shouldn’t have to deal with malware in the first place.

Check these tips to keep malware away from your system:

  1. Keep your software up to date

    Cybersecurity specialists always stress the idea of keeping your operating system up to date. Outdated software isn’t always as harmless as you’d think. That’s why you’d better not skip any update notification – an important and easy step you can do to prevent malware or other malicious programs.

  2. Set spam filters to reduce unwanted emails

    Whenever you receive unwanted or suspicious emails, simply mark them as “Spam” or “Junk” (depending on which word your email provider uses) and delete them. Your email provider will start identifying them and know how to deal with them in the future.

  3. Use 2FA for your important accounts

    2FA adds a second security layer to your credentials; you receive a token through a text message on your phone or by email. Even if your phone gets infected with malware, at least attackers won’t be able to access your accounts and thus grab personal or sensitive information, like banking credentials.

  4. Use a good antivirus

    For your PC, use a good antivirus. CyberGhost VPN has teamed up with Intego – reliable antivirus software that offers real-time protection with automatic scans. Intego finds malware and viruses before they start infecting your device and removes them completely.


What is malware?

Malware (short for malicious software) is intrusive software that cybercriminals create to steal data or damage devices. It often comes disguised as a legitimate app and targets your banking information, device information, email and contact list, or phone number and email address.

What is Trojan malware?

A Trojan is malicious software that disguises itself as legitimate software. It can appear as a Java or Flash Player update upon download. Controlled by third parties, a Trojan can be used to access sensitive information such as Social Security numbers and credit card information.

How to get rid of phone malware?

Uninstall any suspicious apps on your phone. If you believe an app is infected, delete it immediately. Turn off your phone and restart it in safe mode. Additional tip: never download apps from third-party app stores, meaning anything other than Google Play Store in the case of Android phones. Even if malicious apps can still slip into Google Play, at least you have a legitimate company you can report them to.
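To find apps worth a closer look before uninstalling, the following added example (not part of the original article) parses the output of `adb shell pm list packages -3 -i`, which lists user-installed packages with their installer, and flags anything that did not come from Google Play. The sample output and package names are constructed, and treating only `com.android.vending` as trusted is an assumption taken from the advice above.

```python
import re

# Constructed sample of `adb shell pm list packages -3 -i` output
# (user-installed packages and their installer); package names are made up.
SAMPLE_OUTPUT = """\
package:com.example.notes  installer=com.android.vending
package:com.example.prizewheel  installer=null
package:com.example.flashlight  installer=com.example.thirdpartystore
package:com.example.weather  installer=com.android.vending

this line is not a package entry and is skipped
"""

# Assumption: only Google Play counts as a trusted installer, per the article.
TRUSTED_INSTALLERS = {"com.android.vending"}

LINE_RE = re.compile(r"^package:(?P<pkg>\S+)\s+installer=(?P<installer>\S+)$")


def parse_packages(output):
    """Return [(package, installer_or_None)], skipping lines that don't match."""
    entries = []
    for line in output.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        installer = m.group("installer")
        entries.append((m.group("pkg"), None if installer == "null" else installer))
    return entries


def review_list(output, trusted=TRUSTED_INSTALLERS):
    """Return [(package, reason)] for packages not installed by a trusted store."""
    findings = []
    for pkg, installer in parse_packages(output):
        if installer is None:
            findings.append((pkg, "no installer recorded (sideloaded or installed via adb)"))
        elif installer not in trusted:
            findings.append((pkg, f"installed by {installer}"))
    return findings


if __name__ == "__main__":
    for pkg, reason in review_list(SAMPLE_OUTPUT):
        print(f"REVIEW {pkg}: {reason}")
```

A Google Play installer is not proof that an app is clean, as the GriftHorse apps show; the list only narrows down what to check first.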

Can iPhones get malware?

They can, but the chances are pretty slim. Thanks to their enclosed sandbox systems, iPhones rarely get hit by viruses or malware. The situation changes, though, if you don’t regularly update your operating system, which creates a potentially open door for malware to sneak into your phone.


Did you ever suspect your phone has malware? What were the signs?

Let me know in the comments below.
