It has affected more than 100 million users globally. The Dark Herring scam has used 470 apps from the Google Play store and caused a loss of millions of USD. The malware-infected apps were installed by around 105 million users in 70 countries. The premium services cost about $15 per month via a mechanism called Direct Carrier Billing (DCB).
470 Android Apps Infected with Dark Herring Subscription Scam
DCB is a mobile payment option that allows people to buy digital content from Play Store; it is charged to their mobile phone bills. The users realized the fraud charges later, around a few months after infection. The main issue with DCB is that you only find out what you paid when your monthly bill comes. So, victims don’t know when they are scammed. The scammers steal quite a bit of money. Zimperium zLabs, a Google partner and a member of Google App Defense Alliance, discovered the “Dark Herring.” They tackle the malware problem on Play Store. The researchers say it is very sophisticated malware; it uses a few layers of anti-detection and code obfuscation. It worked differently in each app it was spread to. The page asked users to confirm their login by entering their phone numbers. In the background, Dark Herring was working to check the country, language, and which billing it should use. According to Zimperium, India is at a higher risk of such fraud. The most popular Dark Herring apps are:
Smashex Upgradem Stream HD Vidly Vibe Cast It My Translator Pro New Mobile Games StreamCast Pro Ultra Stream Photograph Labs Pro VideoProj Lab Drive Simulator Speedy Cars – Final Lap Football Legends Football HERO 2021 Grand Mafia Auto Offroad Jeep Simulator Smashex Pro Racing City Connectool City Bus Simulator 2
To check out all the apps visit, this GitHub page.