Online criminals have used Trojan apps to sign up victims for subscriptions and looted hundreds of millions of euros, according to security researchers.
More than 200 legitimate-looking apps infected with malicious code have crept into the Google Play store and victims were signed up for paid subscriptions without noticing it. The malicious campaign has affected more than 10 million Android users worldwide.
At first glance, the apps in Google Play and other app stores for Android do not look suspicious. However, the malicious code becomes active after installation and signs the victims up for subscriptions, in some cases costing 30 euros per month. All of this happens in the background.
Since many of these apps are installed on hundreds of thousands of devices or more, the profits made by the attackers probably add up to several hundred million euros.
Google has now removed the Trojan apps from the Google Play store, but some of the apps still appear in third-party stores. A list of the affected apps has been published by the security researchers.
Zimperium researchers Aazim Yaswant & Nipun Gupta, who have been tracking the GriftHorse malware for months, described it as “one of the most widespread campaigns the zLabs threat research team has witnessed in 2021.”
