


Over 100 million Android phones hit with malicious apps that steal your money — what to do


An Android "fleeceware" campaign has been discovered that began almost two years ago, involved about 470 apps in the Google Play store that were downloaded at least 105 million times, and may have stolen hundreds of millions of dollars from phone users all over the world.

Researchers at security firm Zimperium have named the campaign "Dark Herring." In a report posted yesterday (Jan. 26), they explained that the apps themselves actually worked as promised — as games, entertainment apps, productivity tools, photo filters and so on.

(Another malware app, unrelated to Dark Herring, was found in the Google Play store a day later.)

But the apps also sent many users to deceptive web pages, tailored to the users' languages and countries of residence. Those pages asked users to enter their phone numbers for "verification," but in fact signed the users up to recurring charges that averaged $15 per month — a lot of money in some parts of the world.

The Zimperium researchers called Dark Herring "one of the most extensive and successful malware campaigns by measure of the sheer number of applications" that they had seen in 2021.

"The total amount of money scammed out of unsuspecting users could ... be well into the hundreds of millions of dollars," they added.

How to avoid and get rid of these malicious apps

The malicious apps are now gone from the Google Play store, but they can still be found in "off-road" app markets, according to Zimperium. You'll want to avoid installing one, and if you have one on your phone already, you'll want to uninstall it.

There's a full list of the Dark Herring-related apps on this web page. Unfortunately, the list isn't in any particular order.

Your best bet is to load that list in a desktop web browser, hit Control-F on your keyboard, and search for the names of any apps on your phone (or in an app store) about which you may have doubts.

If you get a match on the name, you can confirm whether it's really the same app by using the package name to the left of the name — it's the text string that begins "com." (Many Android apps have identical or similar names, but package names are unique.)

On an app store, you can spot it because the package name is often part of the URL of the app's listing page. And if you think one of these apps is on your phone, then copy and paste this URL into your desktop web browser's address bar:

https://play.google.com/store/apps/details?id=

... but don't hit Enter or Return just yet. Instead, copy the suspicious app's package name from the list of Dark Herring apps. Paste the package name onto the end of the URL, after the equal sign, and then hit Return or Enter.

If you get a mostly blank Google Play page saying "We're sorry, the requested URL was not found on this server," then the app has been removed from Google Play. Uninstall it from your phone.

If you get a regular app page, then the app isn't involved in this malware campaign and you can keep it on your phone.
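The same name-versus-package check can be scripted for a whole phone instead of one app at a time. The sketch below is an added example, not code from the article or from Zimperium; it assumes the installed packages were exported with `adb shell pm list packages` and that the published list was saved as one package name per line, and every package name in it is a constructed placeholder.

```python
import re
from urllib.parse import quote

PLAY_URL = "https://play.google.com/store/apps/details?id="
# Android package names: dot-separated segments of letters, digits, underscores.
PKG_RE = re.compile(r"^[A-Za-z][A-Za-z0-9_]*(\.[A-Za-z][A-Za-z0-9_]*)+$")

def parse_pm_list(output):
    """Extract package names from `pm list packages` (with or without -f)."""
    names = set()
    for line in output.splitlines():
        line = line.strip()
        if not line.startswith("package:"):
            continue
        entry = line[len("package:"):]
        # With -f the entry is "<apk path>=<name>"; the path may contain "=".
        name = entry.rsplit("=", 1)[-1]
        if PKG_RE.match(name):
            names.add(name)
    return names

def load_indicators(text):
    """One package name per line; blank lines and # comments are skipped."""
    out = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if PKG_RE.match(line):
            out.add(line)
    return out

def flag_installed(pm_output, indicator_text):
    """Return sorted (package, play_url) pairs for exact package-name matches."""
    hits = parse_pm_list(pm_output) & load_indicators(indicator_text)
    return [(p, PLAY_URL + quote(p, safe=".")) for p in sorted(hits)]

# Constructed sample data; none of these are real Dark Herring package names.
SAMPLE_PM = """\
package:com.example.photofilter
package:/data/app/~~Qx1==/com.example.smashgame-9a==/base.apk=com.example.smashgame
package:com.example.photofilter.pro
"""
SAMPLE_LIST = """\
# saved copy of the published list (placeholder entries)
com.example.smashgame
com.example.photofilter.pro
com.example.notinstalled
"""

if __name__ == "__main__":
    for pkg, url in flag_installed(SAMPLE_PM, SAMPLE_LIST):
        print(f"listed app installed: {pkg}\n  check: {url}")
```

Matching is on the exact package name, so `com.example.photofilter` is not flagged even though a listed package shares its prefix.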

How the Dark Herring fleeceware campaign works

Dark Herring operates by abusing direct carrier billing, a feature common in many countries by which phone users can purchase physical items or digital services using their phones.

Functionally, direct carrier billing is similar to Apple Pay or Google Pay, except that the charges show up on the user's phone bill instead of an Apple or Google account.

Instead of cleaning out a user's cash, as a banking Trojan would do to a bank balance, Dark Herring simply milks the user's mobile-carrier account, tacking on extra recurring charges that the user might not notice. (A cynic would argue that many landline and mobile carriers already do something similar.)

Part of the subterfuge is that the Dark Herring apps aren't bogus and work as advertised so that the user won't notice anything awry.

"Unlike many other malicious applications that provide no functional capabilities, the victim can use these applications," Zimperium's report said, "meaning they are oftentimes left installed on the phones and tablets long after initial installation."

Again, the apps themselves don't attack the phones and don't contain any obviously malicious code, which is probably how they were able to get past Google Play's malware checks. In fact, many of the best Android antivirus apps' malware-detection engines didn't flag them either when we checked the apps' hashes in VirusTotal at the time of this writing.

Instead, the apps download additional scripts that determine the language each phone is set to and in which country the phone is located — suspicious but neither malicious nor unusual. That information is uploaded to a command-and-control server that makes a decision on whether to try to con the user.

If the decision is yes, the app then loads a malicious website, matching the user's country and language, that asks the user to submit a phone number "for verification."

"Users are mostly more comfortable with sharing data to a website in their local language," Zimperium wrote. "But in reality, they are submitting their phone number to a Direct Carrier Billing service that begins charging them an average of $15 USD per calendar month."

Victims of Dark Herring were detected in more than 70 countries across the planet, including nearly every country in the Americas, Europe, Oceania and East Asia.

However, users in about a dozen and a half countries, mostly in the Middle East, South Asia, Scandinavia and the Baltic states, were especially vulnerable "due to the lack of consumer [protections] from these types of Direct Carrier Billing scams," wrote Zimperium.

Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.

Source: https://www.tomsguide.com/news/dark-herring-android-fleeceware
