Date: 2022-02-01

A “fleeceware” malware campaign on Android involved around 470 apps on the Play Store platform. These programs have been downloaded approximately 105 million times by smartphones around the globe. According to a report by the security company Zimperium, the criminal operation may have succeeded in stealing hundreds of millions of dollars.

Called “Dark Herring” by researchers at Zimperium, the campaign began about two years ago, with its earliest recorded activity in March 2020. Fleeceware relies on applications that use a free trial period to make undue charges, even if the user has uninstalled the app.

According to the report released by the company, the 470 apps worked as promised, running as games, productivity tools, photo filters, etc. However, they also directed users to misleading web pages, which were adapted to the users' languages to appear credible.

These pages asked people to enter their phone numbers, supposedly as a “check”. However, this was nothing more than a sign-up for recurring billing that cost an average of US$ 15 (about R$81) each month, through Direct Carrier Billing (DCB).

The campaign was successful despite extensive

DCB is a payment alternative that allows Internet users to purchase digital content on the Play Store. With it, the amount is charged to the prepaid balance or directly to the postpaid account. The fraudulent apps were installed in 70 countries, including Brazil. However, due to the lack of laws protecting consumers against this type of improper billing scam carried out directly through the carrier, many were unable to recover the stolen money.

According to the researchers, the Dark Herring malware campaign is one of the most protracted and successful ever undertaken. This was due to both the large number of Android applications involved and the high value extorted.

Its way of operating is similar to how Apple Pay and Google Pay work. However, charges are made to the user’s phone bill, not an Apple, Google, or bank account. So instead of draining money like a banking trojan would, Dark Herring targets the person’s mobile carrier account with recurring extra fees that the user may not have noticed.

Leaving no traces on the Play Store platform

The apps themselves pose no danger. That’s because they don’t attack phones, and they don’t contain any malicious code. That may be why these apps were able to pass the Play Store malware checks.

Such apps are no longer on the Google Play Store, but they can still be found elsewhere on the internet, according to Zimperium. The company is one of Google’s partners and a member of the Google App Defense Alliance, which aims to solve malware problems in the Play Store.

In this list on GitHub, you can check if any app installed on your Android is one of these malicious apps. To perform the search you must open the page in a desktop browser, press Ctrl+F and type the name of a suspicious application.

