‘Dark Herring’ Subscription Fraud Targeted 105 Million Android Users

Android users got no break; most of the scams targets Android OS only.  For two years, a subscription scam called “Dark Herring” for Android is operating.

It has affected more than 100 million users globally. The Dark Herring scam has used 470 apps from the Google Play store and caused a loss of millions of USD.

The malware-infected apps were installed by around 105 million users in 70 countries. The premium services cost about $15 per month via a mechanism called Direct Carrier Billing (DCB).

470 Android Apps Infected with Dark Herring Subscription Scam

Dark Herring Fraud scam

DCB is a mobile payment option that allows people to buy digital content from Play Store; it is charged to their mobile phone bills. The users realized the fraud charges later, around a few months after infection.

The main issue with DCB is that you only find out what you paid when your monthly bill comes. So, victims don’t know when they are scammed. The scammers steal quite a bit of money.

Zimperium zLabs, a Google partner and a member of Google App Defense Alliance, discovered the “Dark Herring.” They tackle the malware problem on Play Store.

The researchers say it is very sophisticated malware; it uses a few layers of anti-detection and code obfuscation. It worked differently in each app it was spread to.

The infected apps didn’t have malicious code embedded in them. Instead, they had encrypted string, which leads the users out to the WebView page hosted on the Amazon CloudFront server.

The page asked users to confirm their login by entering their phone numbers. In the background, Dark Herring was working to check the country, language, and which billing it should use.

According to Zimperium, India is at a higher risk of such fraud. The most popular Dark Herring apps are:

  • Smashex
  • Upgradem
  • Stream HD
  • Vidly Vibe
  • Cast It
  • My Translator Pro
  • New Mobile Games
  • StreamCast Pro
  • Ultra Stream
  • Photograph Labs Pro
  • VideoProj Lab
  • Drive Simulator
  • Speedy Cars – Final Lap
  • Football Legends
  • Football HERO 2021
  • Grand Mafia Auto
  • Offroad Jeep Simulator
  • Smashex Pro
  • Racing City
  • Connectool
  • City Bus Simulator 2

To check out all the apps visit, this GitHub page.

The post ‘Dark Herring’ Subscription Fraud Targeted 105 Million Android Users appeared first on Tech Viral.

Leave a Reply

Your email address will not be published. Required fields are marked *

Subscribe to our Newsletter