A large Android subscription fraud scheme that is actively stealing consumers’ money has been identified.
The “Dark Herring” campaign, discovered by cybersecurity experts from Zimperium zLabs, includes around 470 applications, all of which may be accessible in the official Google Play Store.
The majority of these applications fall under the entertainment category, and some of them have given “premium” features to users in exchange for their registration. Account holders will be invoiced up to $15 via Direct Carrier Billing (DCB) if they do not cancel their registration.
No malware present
DCB is a mobile payment mechanism that enables users to pay for online items by charging the purchase to their phone plan account. This means that consumers who download these applications will not know that they have been charged until their phone bill comes in the mail.
Furthermore, since these applications may still be utilized and many individuals do not examine the specifics of their phone bills, the researchers speculate that the charge may have continued for many months in certain cases.
Because these applications do not necessarily include malware, it was rather difficult to determine whether or not the fraud had occurred.
According to reports, several victims were unaware that they had been illegally charged on their credit cards for many months before realizing what had happened.
These applications were downloaded on 105 million smartphones in 70 countries across the globe. According to the experts, this contributes to Dark Herring being the longest-running mobile SMS scam ever detected.
Here are a few examples of the applications that were utilized in the campaign:
- Smashex
- Upgradem
- Stream HD
- Vividly Vibe
- Cast It
- My Translator Pro
- New Mobile
- Games
- StreamCast
- Pro Ultra Stream
- Photograph Labs Pro
- StreamCast Ultra
- Stream Photograph Labs Pro
According to researchers from Zimperium, the operators have gotten away with “hundreds of millions” of money so far this year.