
Dark Herring malware targeted over 105M android users in an app subscription fraud globally

By Dr.Dang March 21, 2022, 9:42 p.m.

A sophisticated new malware, dubbed Dark Herring, was discovered by mobile device security experts at Zimperium zLabs. The malware, found in over 470 Android apps, targeted users globally to drain their money, using code designed to trick users into subscribing to a faux service and paying $15 through Direct Carrier Billing. According to reports, 105M users were victims of this.


Direct Carrier Billing has the drawback that users only find out they paid the $15 when the monthly bill comes around. Victims were therefore rarely able to react in time, which enabled the scammers to walk away with quite a bit of money; reports say they managed to cash out months after the initial infection. Supposedly, they could’ve sucked up hundreds of millions of dollars before winding up.

The big question remains: how was Dark Herring able to stay hidden for so long? Research indicates that it is a very sophisticated malware using a few layers of anti-detection and code obfuscation. Even though it was spread across 470 apps, it worked slightly differently in each one.

Instead of having malicious code embedded in them, the apps carried an encrypted string that led the user out to a WebView page hosted on an Amazon CloudFront server. While the page asked the user to confirm their login by entering their phone number, Dark Herring worked in the background to determine the country, the language, and which Direct Carrier Billing it should latch onto.

Behind the malware

The way the actors behind the malware walked away shows a ton of preliminary investment and infrastructure planning. This can only mean that it was a well-funded operation, one that is probably rehearsing its next piece of malware right now.

The apps infected by Dark Herring were generally innocent games, photo editors and effect applications. You can always check out the full list of affected apps here. This brings up the big question: how do we protect ourselves against this type of malware?

It was noted that Dark Herring was quite adept at avoiding antivirus apps, but it does ask the user to go beyond what’s reasonable to create a new account for an app. For example, if you download Offroad Jeep Simulator and the game tells you it needs your phone number to keep playing, that’s a sure sign that you should delete it immediately.

Some people are naive

And while we’re sure our readers are quite aware of this, it’s a pretty good time to remind ourselves that there are those around us who are not so savvy. Kids can be naive: enticed by screenshots to try a game, they will quickly give out a phone number, thinking it is one of the normal “two factor things” we are used to, while the elderly will just do whatever the screen says.

Be sure to educate and remind the neighbours not to tap messages that insist on them giving out phone numbers, and never to enter phone numbers in apps aside from Whatsapp and Viber. Recently, a lot of people who were not so tech-savvy in the past have found themselves in this digital world of ours.

Sadly enough, this has also led to more bad actors popping up, trying to exploit the less experienced. And, in the case of Dark Herring, some of them are obviously well-funded and super organized.
