More than 10 million Android devices have been infected by apps that contain Trojan horses and try to extort money, according to security firm Zimperium. More than 200 applications with Trojans have been discovered and are said to have stolen millions of euros.
When an infected app was installed, users were shown dozens of notifications about a prize they had supposedly won. According to the researchers, the pop-ups appeared up to five times an hour until they were clicked. The user was then redirected to a landing page that asked for their phone number. When they provided it, they subscribed to a paid SMS service that sometimes charged €36 per month. The landing page was adapted to the local language, which was derived from the IP address.
The Trojan has been named GriftHorse and has been reported in more than 70 countries. According to Zimperium researchers, the gang behind the campaign has been active since November of last year and has devised ingenious ways to go undetected.
The gang released infected apps in a variety of categories to the Google Play Store and to alternative app stores for Android. For example, a translation app, a racing game, and a heart rate monitoring app have been found. More than twenty apps from the list have been downloaded more than 100,000 times. The most common infected application, according to the researchers, was Handy Translator Pro. Google was notified and all infected apps have since been removed from the Google Play Store.