A new cyber scam, Dark Herring, has already affected 105 million Android mobile device users who installed apps that turned out to be malicious and that, without their knowledge, charge up to $15 a month for fictitious ‘premium’ services.
The campaign, discovered by the cybersecurity company Zimperium, is distributed through applications that do not arouse suspicion because they are functional, but that bill users through their telephone bill, without their knowledge, for services they do not provide.
The first applications belonging to the Dark Herring campaign began to be published in March 2022, making it one of the longest running scams of its kind, according to Zimperium. In total, 470 implicated apps have been identified, with publication continuing until November 2021.
In most cases (38.9%) the applications were published in the entertainment category of the Play Store, followed by tools (8.3%), photography (8.3%), racing (7.7%) and productivity (7%).
These apps, published through Google Play and other third-party app platforms, have since been removed from Google’s official library, but they remain available in third-party libraries and may still be installed on devices that downloaded them.
In total, 105 million Android mobile users from 70 different countries have downloaded the malicious Dark Herring applications and are charged an average of 15 dollars per month for fake ‘premium’ services. The most affected European countries have been the Nordic and Baltic countries, Greece and Bulgaria.
In many cases, victims may not even realize the scam until they receive a bill from their phone operator, as the app only needs the phone number to sign them up. The sophistication of the attack has also delayed discovery by official platforms, according to Zimperium.