Blog

Dark Herring Subscription Scam Affected Millions Of Android Users

Feb 10, 2022 | Blog

Google partner Zimperium zLabs has recently discovered a sophisticated scam targeting more than 100 million Android users. The scam has been in operation right under Google’s nose for nearly two years.

The scam has now been shut down by Google but while it was in operation, it spanned some 470 Android apps on the Play Store. It was quietly subscribing users who installed the infected apps to a premium service that charged $15 USD per month through Direct Carrier Billing (DCB).

The decision to leverage DCB is both brilliant and terrifying.  It’s a legitimate mobile payment option that allows people to pay for digital content from the Play Store either via their pre-paid balance or post-paid with a bill.

Oftentimes, a user would be subscribed to a premium service for months before they noticed.  While that was happening, the scammers behind the attack (dubbed Dark Herring by the group that discovered it) were raking in profits from some 106 million Android users spread over more than 70 different countries.

Each of the hundreds of different apps that were infected with the malware had a different identifier. That means the scammers were able to track (with some granularity) which apps were bringing them in the most illicit profits.

One thing that this attack really underscored is how hard it is to stop something like this that has a global footprint.  Consumer protection laws vary wildly from one country to the next. So while users in some countries may have legal recourse, users in most other countries have no protection at all.  They’re simply out the money.

In any case kudos to the folks at Zimperium for their sharp eyes and to Google for taking swift action to dismantle the campaign.  Unfortunately, the fact that it’s now defunct is small consolation to the millions who lost money while it existed.

FBI Program Tasked with Infrastructure Security Compromised

FBI Program Tasked with Infrastructure Security Compromised

The FBI program tasked with ensuring critical infrastructure security has been compromised by hackers, who now offer access to the program's data on the dark web. The breach was initially disclosed by Brian Krebs of Krebs on Security, who claims that the data was for...

Streamline Your Business with the Latest Smart Home Technology

Streamline Your Business with the Latest Smart Home Technology

Are you a business owner looking to get the most out of your Google smart home devices? If so, you're in luck! Google has enabled its Nest products and Android OS with the initial rollout of the Matter smart home standard. This means that businesses now have the...

Data Breach at Sequoia One Exposes Sensitive Customer Information

Data Breach at Sequoia One Exposes Sensitive Customer Information

What do you do when your most personal information has been compromised? This is likely the question that customers of Sequoia One asked themselves earlier this month as they were informed that the company had been hacked. Sequoia One specializes in the management of...

Cisco Reports Critical IP Phone Vulnerability

Cisco Reports Critical IP Phone Vulnerability

As a business owner, it's important to stay informed about potential vulnerabilities that could impact your organization. Recently, Cisco reported a critical vulnerability, tracked as CVE-2022-20968, affecting its IP Phone 7800 and 8800 Series. This new vulnerability...

Google Chrome Releases Two New Features

Google Chrome Releases Two New Features

Google Chrome is one of the more commonly used web browsers. Over the years, though, Chrome has gained a reputation for utilizing a large portion of a computer's memory. This can be a problem if you're running other resource-intensive tasks and don't want to slow...

Get a Free Consultation

 

Fill out the form below to receive a free consultation and learn how we can make your technology worry-free!

 

Contact Information

  • 39301 Badger Street, Suite 500
    Palm Desert, CA 9221
  • (760) 333-8523
  • info@icn.tech