Android ran a “fleece ware” malware campaign that involved around 470 Android apps. Play Store platform. Such programs have been downloaded approximately 105 million times by smartphones across the entire globe. According to the report by the security company Zimperium, the criminal action may have succeeded in stealing hundreds of millions of dollars.
Read more: Whatsapp: Find out what happens when you mute someone on the app
see more
Alert: THIS poisonous plant landed a young man in the hospital
Google develops AI tool to help journalists in…
Called “Dark Herring” by Zimperium researchers, the campaign started about two years ago, with its oldest performance recorded in March 2020. Fleece ware is based on apps that use the free trial period to make undue charges, even if the user has uninstalled the app.
In the report that was released by the company, the 470 applications acted as promised, running as games, productivity tools, photo filters, etc. However, they also directed users to deceptive web pages, which were adapted to the users' languages in order to generate credibility.
Such pages asked people to enter their phone numbers, to simulate a “verification”. However, this was nothing more than a registration for frequent charges that cost an average of US$ 15 (about R$81) each month, through Direct Carrier Billing (DCB).
DCB is a payment alternative that allows Internet users to purchase digital content on the Play Store. With this, the amount is charged from the prepaid balance or directly from the postpaid account. There were installations of the fraudulent apps in 70 countries, including Brazil. However, due to the lack of laws that protect the consumer against these types of direct undue billing scams via the operator, many were unable to recover the stolen money.
According to the researchers of the Dark Herring malware campaign, the action is one of the most prolonged and successful ever carried out. This occurred both because of the large number of Android applications involved and because of the high amount extorted.
Its way of working is similar to how Apple Pay and Google Pay work. However, charges appear on the user's phone bill, not an Apple, Google, or bank account. Therefore, instead of cleaning the money, as a banking trojan would, Dark Herring searches the person's mobile carrier account for frequent extra fees that the user may not have got that.
The apps themselves are not dangerous. That's because they don't attack phones, and they don't contain any malicious code. That's how maybe these apps managed to pass the Play Store's malware checks.
Such apps are no longer on the Google Play Store, but can still be located elsewhere on the internet, according to Zimperium. The company is one of Google's partners and a member of the Google App Defense Alliance, which aims to solve malware problems in the Play Store.
In this GitHub list, you can check if any app installed on your Android is one of these malicious apps. To perform the search you must open the page in a desktop browser, press Ctrl+F and type the name of a suspicious application.
Would you like to see more content like this? Enough click here!