More than 100 million Android users have fallen victim to a malicious program, which has spread across hundreds of apps on the Google Play Store, for expensive subscription services without their knowledge.
The scam campaign has been dubbed “Dark Herring,” with scammers using 470 apps on the Google Play store to infect 105 million Android users worldwide. The operation was launched in early March 2020, with victims secretly enrolled in expensive subscription services that have been charged more than £11 a month. Dark Herring is believed to have cost Android users hundreds of millions of pounds in total.
Android users in 70 countries have fallen victim to deception after downloading hacked apps spreading fraud from the official Google Play store.
The most popular Android apps that publish Dark Herring have been carried several million times, with City Bus Simulator 2, Drive Simulator, Football HERO 2021 and Stream HD among the affected programs.
Zimperium security experts discovered the Dark Herring scam. The company is a Google partner and a member of Google’s App Defense Alliance that works to address the malware threat on the Play Store.
Instead of trying to charge for a credit or debit card associated with the Play Store, the money is paid for virtual subscriptions via DCB’s direct payment system.
This payment method allows people to add the cost of digital content purchased through the Play Store to the carrier’s monthly bill.
Using this payment method for fake subscriptions, it means that victims may not realize they were charged for something they didn’t want until weeks later.
Explaining its findings online, Zimperium said: “These malicious Android apps seem harmless when looking at the store description and required permissions, but this false sense of trust changes when users are charged monthly for the premium service they don’t receive via direct carrier billing. Unlike many other malicious apps that do not offer functionality, the victim can use these apps, which means they are often left installed on phones and tablets long after the initial installation.”
At the time of publication of its research, Zimperium said all malicious apps had been removed from the Google Play Store, along with phishing sites and associated fraud services.
And if you’re wondering if you’re in danger, here’s a list of the 21 most popular apps found in the Google Play Store, and used to spread fraud:
– Stream HD.
– Vidly Vibe.
– Cast It.
– My Translator Pro.
– New Mobile Games.
– StreamCast Pro.
– Ultra Stream.
– Photograph Labs Pro.
– VideoProj Lab.
– Drive Simulator.
– Speedy Cars – Final Lap.
– Football Legends.
– Football HERO 2021.
– Grand Mafia Auto.
– Offroad Jeep Simulator.
– Smashex Pro.
– Racing City.
– City Bus Simulator 2.
And if you already installed these apps before you deleted them, you’ll still be at risk even though these other apps have been removed from the Google Play Store, and check if these apps have registered any expensive subscriptions without realizing it. And you’ll be able to do this in the Profile section of the Google Store app, under Payments and Subscriptions. After unsubscribe any suspicious subscriptions, be sure to delete the malicious app from your device altogether.