Researchers at Zimperium have uncovered that more than 10 million Android users have been infected by malicious apps distributing fleeceware named GriftHorse. Fleeceware is categorized as a trojanized application that subscribes victims to premium app services that cost the victim money. More than 130 apps on the Google Play Store have been identified as spreading this malware. GriftHorse rode onto the scene in November of last year, and by now, “the total amount stolen could be well into the hundreds of millions of Euros,” according to Zimperium researchers, with each victim paying upwards of $40 per month. Google has taken action against the apps that were identified by removing them from the Play Store, but the malware is far from controlled. The malware can still live on devices that have the apps installed as well as being distributed through new apps. The malicious apps create pop-ups on a user’s device telling them they have won a prize. This happens no less than five times an hour until the user gets annoyed and clicks on the pop-up. From there, the malware creators have crafted the malware to use geolocation to customize the displayed webpage to the victim’s location. This allows the malware to be active in over 70 countries because the scam is changed based on the victims’ locations and can be changed to match their language. The redirect page asks targets to submit their phone numbers for “verification.” In reality, typing in the numbers merely subscribes them to a premium SMS service that charges $42 on average per month (€36), which will show up on their phone bills.