'Dark Herring' Fraud Subscription Stole 105 Million Android Users' Money: Here's How
"Dark Herring" was discovered by Zimperium zLabs, a Google partner and Google App Defense Alliance's member
Android users just can't catch a break. Turns out, a subscription scam has been operating on Google's Android OS for about two years.
Called "Dark Herring", the subscription scam used 470 Google Play Store apps and affected more than 100 million users around the world. According to Bleeping Computer, its total losses could run into hundreds of millions.
The fraudulent apps were installed by about 105 million users in 70 countries, subscribing downloaders to so-called premium services that cost about $15 per month (?1,124) through a mechanism called Direct Carrier Billing that allows users to buy goods and services by charging to their mobile phone bills.
"Dark Herring" was discovered by Zimperium zLabs, a Google partner and Google App Defense Alliance's member.
Also read: This Android Malware Is Erasing Smartphones After Stealing Money From Bank Accounts
India is among the countries at greatest risk of such fraud, according to Zimperium. The apps used by Dark Herring's propagators include the following:
- Smashex
- Upgradem
- Stream HD
- Vidly Vibe
- Cast It
- My Translator Pro
- New Mobile Games
- StreamCast Pro
- Ultra Stream
- Photograph Labs Pro
- VideoProj Lab
- Drive Simulator
- Speedy Cars ¨C Final Lap
- Football Legends
- Football HERO 2021
- Grand Mafia Auto
- Offroad Jeep Simulator
- Smashex Pro
- Racing City
- Connectool
- City Bus Simulator 2
The entire list of 470 Android apps carrying Dark Herring may be accessed on this GitHub page, as highlighted by Bleeping Computer.
Also read: Hackers Tricked 300,000 Android Users To Steal Passwords: Here's How
Most of these apps pose as premium entertainment subscription services. Your best bet against such malicious apps is to always check whether the app has the Google safety badge. In addition, always check the developer name and reviews of the app before hitting download. If any app demands your phone number, make sure it is a legit application before giving them the information.
Have you installed any of these apps on your Android smartphone? Let us know if you were affected by such apps in the comments below. For more in the world of technology and science, keep reading Indiatimes.com.
References
Toulas, B. (2022, January 27). 105 million Android users targeted by subscription fraud campaign. BleepingComputer.