A new type of scamware, dubbed "Dark Herring" by Google App Defense Alliance member Zimperium zLabs, has been swimming onto 470 different applications on the Google Play Store for nearly two years now.
According to Beeping Computer an, estimated 105 million Android users' phones worldwide may be infected, which results in hundreds of millions of dollars in total losses since it first appeared in March 2020.
Dark Herring Explained
Scamware is a sort of malware (malicious software) that is used to trick consumers into purchasing undesirable software.
Pop-up adverts informing you that your computer has been infected with a virus and that you must click a link to purchase software to remedy the problem is the most typical example of scamware.
Dark Herring is a clever subscription campaign that uses a mechanism known as Direct Carrier Billing (DCB), which is widely known among cellular phone service providers to deceive people into signing up for recurring monthly bills.
The scamware campaign cause each of its victim up to $15 per month.
The issue has since been addressed by removing the 470 harmful apps from the Play Store.
Although the scam services are down at the moment, users who have the apps already installed are still vulnerable.
The global campaign carried out its activities up until November last year.
How it works
The hackers behind this global-scale malware used savvy techniques, such as geo-targeting, to make the application appear in the user's native language, which is a key factor in the campaign's success, as well as social engineering methods that target the user's susceptibility to share personal data with a website that is displayed in their native language.
The idea is that users are more likely to accept to information demands from websites in their own language.
After being redirected to the webpage, users are then asked to verify their identity by providing their cell phone number.
Users, on the other hand, are unaware that they are signing up for direct carrier billing rather than validating their identification.
With that, the billing will continue as the application stays on users' mobile phone.
Most of the apps target by the scamware were in the "Entertainment" category, which is a bigger and more popular area. Photography applications, casual games, utilities, and productivity apps were among the popular Dark Herring apps.
Beeping Computer also reported that Dark Herring apps with millions of downloads are: Cast It, Connectool, Drive Simulator, Football Legends, Grand Mafia Auto, My Translator Pro, New Mobile Games, Offroad Jeep Simulator, Photograph Labs Pro, Racing City, Smashex, Smashex Pro, Speedy Cars - Final Lap, Stream HD, StreamCast Pro, Ultra Stream, Upgradem, VideoProj Lab, and Vidly Vibe.
Meanwhile, Kilgore News Herald reported that there could be a large-scale class action lawsuit if evidence emerges that specific app stores or technology companies were negligent and allowed the scam to operate-even inadvertently.
Investigations are ongoing to determine what compensation may be available for the victims.
Dark Herring is not the first scamware to be discovered; however, it is unusual in terms of its sophistication and the number of people who have been impacted.
In 2021, 10 million victims globally were impacted by GriftHorse, a massive mobile premium service abuse campaign.