GriftHorse: Ερευνητές ασφάλειας ανακάλυψαν ένα νέο κακόβουλο λογισμικό (malware) που έχει μολύνει περισσότερα από 10 εκατομμύρια Android smartphones σε περισσότερες από 70 χώρες από τον Νοέμβριο του 2020.
Το malware παράγει εκατομμύρια δολάρια για τους χειριστές του σε μηνιαία βάση.
Ανακαλύφθηκε από την εταιρεία ασφάλειας κινητών Zimperium. Το νέο κακόβουλο λογισμικό ονομάζεται GriftHorse και διανεμήθηκε μέσω εφαρμογών που ανέβηκαν στο επίσημο Google Play Store.
Εάν κάποιος εγκαταστήσει μια από τις κακόβουλες εφαρμογές, το GriftHorse αρχίζει να εμφανίζει αναδυόμενα παράθυρα και ειδοποιήσεις που προσφέρουν διάφορα βραβεία και ειδικές προσφορές.
Αν τώρα ο χρήστης ανοίξει κάτι από αυτά ανακατευθύνεται σε μια διαδικτυακή σελίδα που του ζητάει να επιβεβαιώσει τον τηλεφωνικό του αριθμό για να έχει πρόσβαση στην προσφορά.
Στην πραγματικότητα όμως οι χρήστες που δίνουν τον αριθμό τους, εγγράφονται σε premium υπηρεσίες SMS που χρεώνουν πάνω από 30€ το μήνα, χρήματα που εισπράττουν φυσικά οι διαχειριστές του GriftHorse.
Οι ερευνητές της Zimperium, Aazim Yaswant & Nipun Gupta, οι οποίοι παρακολουθούν το κακόβουλο λογισμικό GriftHorse εδώ και μήνες, το περιγράφουν σαν “μια από τις πιο διαδεδομένες εκστρατείες που έχει δει η ερευνητική ομάδα απειλών της zLabs το 2021”.
“Το επίπεδο πολυπλοκότητας, και η χρήση νέων τεχνικών από τους κακόβουλους χρήστες τους επέτρεψε να μείνουν απαρατήρητοι για αρκετούς μήνες”, αναφέρουν οι Yaswant και Gupta.
Με βάση όσα έχουν δει μέχρι τώρα, οι ερευνητές εκτιμούν ότι η συμμορία του GriftHorse κερδίζει από 1,2 έως 3,5 εκατομμύρια ευρώ το μήνα.
Παρακάτω υπάρχει μια τεράστια λίστα εφαρμογών που διανέμουν το GriftHorse:
List of Applications
| Package Name | App Name | Min | Max |
| com.tra.nslat.orpro.htp | Handy Translator Pro | 500,000 | 1,000,000 |
| com.heartratteandpulsetracker | Heart Rate and Pulse Tracker | 100,000 | 500,000 |
| com.geospot.location.glt | Geospot: GPS Location Tracker | 100,000 | 500,000 |
| com.icare.fin.loc | iCare – Find Location | 100,000 | 500,000 |
| my.chat.translator | My Chat Translator | 100,000 | 500,000 |
| com.bus.metrolis.s | Bus – Metrolis 2021 | 100,000 | 500,000 |
| com.free.translator.photo.am | Free Translator Photo | 100,000 | 500,000 |
| com.locker.tul.lt | Locker Tool | 100,000 | 500,000 |
| com.fin.gerp.rint.fc | Fingerprint Changer | 100,000 | 500,000 |
| com.coll.rec.ord.er | Call Recoder Pro | 100,000 | 500,000 |
| instant.speech.translation | Instant Speech Translation | 100,000 | 500,000 |
| racers.car.driver | Racers Car Driver | 100,000 | 500,000 |
| slime.simu.lator | Slime Simulator | 100,000 | 500,000 |
| keyboard.the.mes | Keyboard Themes | 100,000 | 500,000 |
| whats.me.sticker | What's Me Sticker | 100,000 | 500,000 |
| amazing.video.editor | Amazing Video Editor | 100,000 | 500,000 |
| sa.fe.lock | Safe Lock | 100,000 | 500,000 |
| heart.rhy.thm | Heart Rhythm | 100,000 | 500,000 |
| com.sma.spot.loca.tor | Smart Spot Locator | 100,000 | 500,000 |
| cut.cut.pro | CutCut Pro | 100,000 | 500,000 |
| com.offroaders.survive | OFFRoaders – Survive | 100,000 | 500,000 |
| com.phon.fin.by.cl.ap | Phone Finder by Clapping | 100,000 | 500,000 |
| com.drive.bus.bds | Bus Driving Simulator | 100,000 | 500,000 |
| com.finger.print.def | Fingerprint Defender | 100,000 | 500,000 |
| com.lifeel.scanandtest | Lifeel – scan and test | 100,000 | 500,000 |
| com.la.so.uncher.io | Launcher iOS 15 | 100,000 | 500,000 |
| com.gunt.ycoon.dle | Idle Gun Tycoo\u202an\u202c | 50,000 | 100,000 |
| com.scan.asdn | Scanner App Scan Docs & Notes | 50,000 | 100,000 |
| com.chat.trans.alm | Chat Translator All Messengers | 50,000 | 100,000 |
| com.hunt.contact.ro | Hunt Contact | 50,000 | 100,000 |
| com.lco.nylco | Icony | 50,000 | 100,000 |
| horoscope.fortune.com | Horoscope : Fortune | 50,000 | 100,000 |
| fit.ness.point | Fitness Point | 50,000 | 100,000 |
| com.qub.la | Qibla AR Pro | 50,000 | 100,000 |
| com.heartrateandmealtracker | Heart Rate and Meal Tracker | 50,000 | 100,000 |
| com.mneasytrn.slator | Mine Easy Translator | 50,000 | 100,000 |
| com.phone.control.blockspamx | PhoneControl Block Spam Calls | 50,000 | 100,000 |
| com.paral.lax.paper.thre | Parallax paper 3D | 50,000 | 100,000 |
| com.photo.translator.spt | SnapLens – Photo Translator | 50,000 | 100,000 |
| com.qibl.apas.dir | Qibla Pass Direction | 50,000 | 100,000 |
| com.caollerrrex | Caller-x | 50,000 | 100,000 |
| com.cl.ap | Clap | 50,000 | 100,000 |
| com.eff.phot.opro | Photo Effect Pro | 10,000 | 50,000 |
| com.icon.nec.ted.trac.ker | iConnected Tracker | 10,000 | 50,000 |
| com.smal.lcallrecorder | Smart Call Recorder | 10,000 | 50,000 |
| com.hor.oscope.pal | Daily Horoscope & Life Palmestry | 10,000 | 50,000 |
| com.qiblacompasslocatoriqez | Qibla Compass (Kaaba Locator) | 10,000 | 50,000 |
| com.proo.kie.phot.edtr | Prookie-Cartoon Photo Editor | 10,000 | 50,000 |
| com.qibla.ultimate.qu | Qibla Ultimate | 10,000 | 50,000 |
| com.truck.roud.offroad.z | Truck – RoudDrive Offroad | 10,000 | 50,000 |
| com.gpsphonuetrackerfamilylocator | GPS Phone Tracker – Family Locator | 10,000 | 50,000 |
| com.call.recorder.cri | Call Recorder iCall | 10,000 | 50,000 |
| com.pikcho.editor | PikCho Editor app | 10,000 | 50,000 |
| com.streetprocarsracingss | Street Cars: pro Racing | 10,000 | 50,000 |
| com.cinema.hall | Cinema Hall: Free HD Movies | 10,000 | 50,000 |
| com.ivlewepapallr.bkragonucd | Live Wallpaper & Background | 10,000 | 50,000 |
| com.in1.tel.ligent.trans.lt.pro | Intelligent Translator Pro | 10,000 | 50,000 |
| com.aceana.lyzzer | Face Analyzer | 10,000 | 50,000 |
| com.tueclert.ruercder | TrueCaller & TrueRecoder | 10,000 | 50,000 |
| com.trans.lator.txt.voice.pht | iTranslator_ Text & Voice & Photo | 10,000 | 50,000 |
| com.puls.rat.monik | Pulse App – Heart Rate Monitor | 10,000 | 50,000 |
| com.vidphoremanger | Video & Photo Recovery Manager 2 | 10,000 | 50,000 |
| online.expresscredit.com | Быстрые кредиты 24\7 | 10,000 | 50,000 |
| fit.ness.trainer | Fitness Trainer | 10,000 | 50,000 |
| com.clip.buddy | ClipBuddy | 10,000 | 50,000 |
| vec.tor.art | Vector arts | 10,000 | 50,000 |
| ludo.speak.v2 | Ludo Speak v2.0 | 10,000 | 50,000 |
| battery.live.wallpaperhd | Battery Live Wallpaper 4K | 10,000 | 50,000 |
| com.heartrateproxhealthmonitor | Heart Rate Pro Health Monitor | 10,000 | 50,000 |
| com.locatorqiafindlocation | Locatoria – Find Location | 10,000 | 50000 |
| com.gtconacer | GetContacter | 10,000 | 50000 |
| ph.oto.lab | Photo Lab | 10,000 | 50,000 |
| com.phoneboster | AR Phone Booster – Battery Saver | 10,000 | 50,000 |
| com.translator.arabic.en | English Arabic Translator direct | 10,000 | 50,000 |
| com.vpn.fast.proxy.fep | VPN Zone – Fast & Easy Proxy | 10,000 | 50,000 |
| com.projector.mobile.phone | 100% Projector for Mobile Phone | 10,000 | 50,000 |
| com.forza.mobile.ult.ed | Forza H Mobile 4 Ultimate Edition | 10,000 | 50,000 |
| com.sticky.slime.sim.asmr.nws | Amazing Sticky Slime Simulator ASMR\u200f | 10,000 | 50,000 |
| com.clap.t.findz.m.phone | Clap To Find My Phone | 10,000 | 50,000 |
| com.mirror.scree.n.cast.tvv | Screen Mirroring TV Cast | 10,000 | 50,000 |
| com.frcallworwid | Free Calls WorldWide | 10,000 | 50,000 |
| locator.plus.my | My Locator Plus | 10,000 | 50,000 |
| com.isalamqciqc | iSalam Qibla Compass | 5,000 | 10,000 |
| com.lang.tra.nslate.ltef | Language Translator-Easy&Fast | 5,000 | 10,000 |
| com.wifi.unlock.pas.pro.x | WiFi Unlock Password Pro X | 5,000 | 10,000 |
| com.chat.live.stream.pvc | Pony Video Chat-Live Stream | 5,000 | 10,000 |
| com.zodiac.hand | Zodiac : Hand | 5,000 | 10,000 |
| com.lud.gam.ecl | Ludo Game Classic | 5,000 | 10,000 |
| com.locx.findx.locx | Loca – Find Location | 5,000 | 10,000 |
| com.easy.tv.show.ets | Easy TV Show | 5,000 | 10,000 |
| com.qiblaquran | Qibla correct Quran Coran Koran | 5,000 | 10,000 |
| com.dat.ing.app.sw.mt | Dating App – Sweet Meet | 5,000 | 10,000 |
| com.circ.leloca.fi.nder | R Circle – Location Finder | 5,000 | 10,000 |
| com.taggsskconattc | TagsContact | 5,000 | 10,000 |
| com.ela.salaty.musl.qibla | Ela-Salaty: Muslim Prayer Times & Qibla Direction | 1,000 | 5,000 |
| com.qiblacompassrtvi | Qibla Compass | 1,000 | 5,000 |
| com.soul.scanner.check.yh | Soul Scanner – Check Your | 1,000 | 5,000 |
| com.chat.video.live.ciao | CIAO – Live Video Chat | 1,000 | 5,000 |
| com.plant.camera.identifier.pci | Plant Camera Identifier | 1,000 | 5,000 |
| com.call.colop.chan.cc | Color Call Changer | 1,000 | 5,000 |
| com.squishy.pop.it | Squishy and Pop it | 1,000 | 5,000 |
| com.keyboard.virt.projector.app | Keyboard: Virtual Projector App | 1,000 | 5,000 |
| com.scanr.gdp.doc | Scanner Pro App: PDF Document | 1,000 | 5,000 |
| com.qrrea.derpro | QR Reader Pro | 1,000 | 5,000 |
| com.f.x.key.bo.ard | FX Keyboard | 1,000 | 5,000 |
| photoeditor.frame.com | You Frame | 1,000 | 5,000 |
| call.record.prov | Call Record Pro | 1,000 | 5,000 |
| com.isl.srick.ers | Free Islamic Stickers 2021 | 1,000 | 5,000 |
| com.qr.code.reader.scan | QR Code Reader – Barcode Scanner | 1,000 | 5,000 |
| com.scan.n.ray | Bag X-Ray 100% Scanner | 1,000 | 5,000 |
| com.phone.caller.screnn | Phone Caller Screen 2021 | 1,000 | 5,000 |
| com.trnsteito.nneapp | Translate It – Online App | 1,000 | 5,000 |
| com.mobthinfind | Mobile Things Finder | 1,000 | 5,000 |
| com.piriufffcaer | Proof-Caller | 1,000 | 5,000 |
| com.hones.earcy.laof | Phone Search by Clap | 1,000 | 5,000 |
| com.secontranslapro | Second Translate PRO | 1,000 | 5,000 |
| cal.ler.ids | CallerID | 1,000 | 5,000 |
| com.camera.d.plan | 3D Camera To Plan | 500 | 1,000 |
| com.qib.find.qib.di | Qibla Finder – Qibla Direction | 500 | 1,000 |
| com.stick.maker.waps | Stickers Maker for WhatsApp | 500 | 1,000 |
| com.qbbl.ldironwach | Qibla direction watch (compass) | 500 | 1,000 |
| com.bo.ea.lesss.piano | Piano Bot Easy Lessons | 500 | 1000 |
| com.seond.honen.umber | CallHelp: Second Phone Number | 500 | 1000 |
| com.faspulhearratmon | FastPulse – Heart Rate Monitor | 500 | 1000 |
| com.alleid.pam.lofhys | Caller ID & Spam Blocker | 500 | 1000 |
| com.free.coupon2021 | Free Coupons 2021 | 100 | 500 |
| com.kfc.saudi.delivery.coupons | KFC Saudi – Get free delivery and 50% off coupons | 100 | 500 |
| com.skycoach.gg | Skycoach | 100 | 500 |
| com.live.chat.meet.hoo | HOO Live – Meet and Chat | 100 | 500 |
| easy.bass.booster | Easy Bass Booster | 10 | 50 |
| com.coupongiftsnstashop | Coupons & Gifts: InstaShop | 10 | 50 |
| com.finnccontat | FindContact | 10 | 50 |
| com.aunch.erios.drog | Launcher iOS for Android | 10 | 50 |
| com.blo.cced.als.pam.rzd | Call Blocker-Spam Call Blocker | 10 | 50 |
| com.blo.cced.als.pam.rzd | Call Blocker-Spam Call Blocker | 10 | 50 |
| com.ivemobibercker | Live Mobile Number Tracker | 10 | 50 |
| Total | 4,287,470 | 17,345,450 |
