As with most malware campaigns this one relies on social engineering to spread.

The first stage of the infection process is that the hackers have to get their malicious apps past the gatekeepers of the Google Play Store and other third-party app vendors.

This part is purely a numbers game but the hackers behind Grifthorse are pretty good at it. Grifthorse code has been found in more than 200 apps on the Play Store alone.

Once the poisoned apps are in position the next goal is to trick users into subscribing to paid services without their knowledge. So far the campaign has managed to steal hundreds of millions of dollars from their victims. Even worse is that in many cases users are unwittingly signed up for recurring payments that can add up quickly unless the victims are watching their accounts closely.

Zimperium's researchers had this to say about the malware strain:

"Zimperium zLabs recently discovered an aggressive mobile premium services campaign with upwards of 10 million victims globally, and the total amount stolen could be well into the hundreds of millions of Euros.

... one of their first victims, if they have not shut off the scam, has lost more than €200 at the time of writing. The cumulative loss of the victims adds up to a massive profit for the cybercriminal group," the researcher explained.

The numerical stats reveal that more than 10 million Android users fell victim to this campaign globally, suffering financial losses while the threat group grew wealthier and motivated with time."

Don't take the Grifthorse threat lightly and if you even suspect an infection monitor your accounts closely.

Used with permission from Article Aggregator