Skip to content

Android Users Are Being Charged Hundreds After Clicking on This Message

This scam has already affected upwards of 10 million Android users.

Most smartphone users are aware of the risks that come from downloading or clicking on something whose origins aren't quite clear. But the latest scam, which has been brewing since the end of 2020, may even fool the most tech-savvy among us. Hackers are targeting the 2.5 billion Android users around the world and have already managed to scam millions of them out of hundreds of dollars on their phone bills by having them click on an enticing, seemingly innocuous message. Read on to find out what to avoid saying "yes" to in order to make sure you don't fall victim to this new scam.

RELATED: Android Users Are Being Targeted in This New Text Message Scam.

Android users have been charged hundreds of dollars on their phone bills after providing their phone number to hackers unknowingly.

businesswoman reading a utility bill while working remotely from home.

Hackers recently launched a major scamming campaign using the Google Play Store, mobile security company Zimperium reported on Sept. 29. According to the company, scammers looking to steal from Android users created more than 200 seemingly harmless apps and made them available in the Play Store. Once these scam apps were downloaded, a message would pop up on the app to notify the user that they had won a prize, prompting them to enter their phone number to claim it. But the attackers were instead having the Android users submit their phone number to an SMS service that charged their phone bill around $42 per month.

"Forensic evidence of this active Android Trojan attack, which we have named GriftHorse, suggests that the threat group has been running this campaign since November 2020," Zimperium said. As a result, some of the first users attacked may have already been charged more than $400 at this point, if they have not already realized the issue and contacted their SIM operator to remove the fraudulent service.

Ten million Android users may have already been affected by this scam.

Two women are holding smartphones in their hands. Smartphone remote applications concept

According to Zimperium, it is estimated that the scam may have already affected around 10 million Android users globally. "The campaign is exceptionally versatile, targeting mobile users from 70-plus countries by changing the application's language and displaying the content according to the current user's IP address," Zimperium explained.

The security firm said that GriftHorse has also likely already been able to generate hundreds of millions of stolen money from victims so far. "The cumulative loss of the victims adds up to a massive profit for the cybercriminal group," the company confirmed.

RELATED: And for more security tips and tricks sent right to your inbox, sign up for our daily newsletter.

Google says the scam apps have now been removed from the Play Store.

New york, USA - May 22, 2017: Viber app icon on modern smartphone display close-up around other android applications

Zimperium listed a number of apps that were used by the attackers, who were able to target users through seemingly normal and harmless apps under names like "Amazing Video Editor," "Scanner App Scan Docs & Notes," and "Daily Horoscope & Life Palmestry."

Google told Wired that all of the apps Zimperium identified have been removed from the Play Store and those app developers have been subsequently banned. "It's really a carpet-bombing effect when it comes to the quantity of apps. One might be successful, another might not be, and that's fine," Richard Melick, Zimperium's director of product strategy for end-point security, told Wired.

But experts warn that the scam apps might still be visible to users.

woman using android phone from behind

Unfortunately, according to Zimperium, these apps are still available through third-party app stores, meaning Android users can still easily download them onto their devices. The researchers told Wired that Google taking the applications down from the Play Store certainly helped slow the GiftHorse campaign, but it's unlikely that it is gone completely.

"These attackers are organized and professional. They set this up as a business, and they're not just going to move on," Shridhar Mittal, Zimperium's CEO, told Wired. "I'm certain this was not a one-time thing."

RELATED: If You Get This Email From Amazon, Delete It Immediately.

Kali Coleman
Kali Coleman is a Senior Editor at Best Life. Her primary focus is covering news, where she often keeps readers informed on the ongoing COVID-19 pandemic and up-to-date on the latest retail closures. Read more
Filed Under