Security News > 2022 > January > ‘Dark Herring’ Billing Malware Swims onto 105M Android Devices
Nearly 500 malicious apps lurking on the Google Play Store have successfully installed Dark Herring malware - a cash-stealer intended to add sneaky charges onto mobile carrier bills - on more than 100 million Android devices across the globe.
Dark Herring malware was discovered by a research team with Zimperium, who estimate the amount the campaign has been able to steal totals in the hundreds of millions, in increments of $15 a month per victim.
"The download statistics reveal that more than 105 million Android devices had this malware installed, falling victim to this campaign globally, potentially suffering incalculable financial losses," Zimperium's report said.
The Zimperium analysts who identified Dark Herring said that the scamware is likely the work of a new group, which uses novel techniques and infrastructure.
Dark Herring's triumph was the result of a combination of savvy tactics, the analysts said; namely, the use of geo-targeting to deliver the application in the victim's native language.
The group behind Dark Herring also managed to stand up 470 high-quality applications that passed official app store muster, which demonstrates that this is a sophisticated operation, analysts noted.
News URL
https://threatpost.com/dark-herring-billing-malware-android/178032/
Related news
- Android malware uses NFC to steal money at ATMs (source)
- New NGate Android malware uses NFC chip to steal credit card data (source)
- Cybercriminals Deploy New Malware to Steal Data via Android’s Near Field Communication (NFC) (source)
- New Android Malware NGate Steals NFC Data to Clone Contactless Payment Cards (source)
- SpyAgent Android malware steals your crypto recovery phrases from images (source)
- New Android SpyAgent Malware Uses OCR to Steal Crypto Wallet Recovery Keys (source)
- Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide (source)
- New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram (source)
- New Vo1d malware infects 1.3 million Android TV streaming boxes (source)
- New Vo1d malware infects 1.3 million Android streaming boxes (source)