2022 is starting strong with malware. The year began with SMS banking scams, continued with a dangerous evolution of BRATA capable of formatting your phone, and now we know, thanks to a report by Secureblink, that there is new malware affecting 105 million Android phones around the world.

We are going to tell you how this malware works, which areas it mainly affects and how you can avoid getting infected. The infected apps steal your money through subscriptions, so it is quite dangerous.

Dark Herring, or how to steal from you through subscriptions

Depending on the country you live in, the page asking for your phone number appears in your language and with your flag.

Dark Herring is the name of this malware, discovered by Zimperium Labs. Researchers have reported more than 105 million victims around the world, quite a high number. The amount of money scammed, according to the report, is “hundreds of millions of dollars”. It is large-scale malware that signs the user up for premium services.

Almost 470 apps of this type were present in the Play Store, thus affecting millions of users.

These are apps that were present in the Google Play Store itself, as well as in some third-party stores. Zimperium Labs has reported the malware to Google, which has removed the apps that were reported, although there may be quite a few still undiscovered. At the time of publication of this article, the phishing sites to which the apps led have been taken down, although nothing prevents their reactivation at different URLs.

Areas affected by the malware.

This campaign has targeted more than 70 countries, including Spain. After infecting the device, the app communicates with the server, exposes the victim’s IP address, and directs them to a phishing website based on their IP. This way they can take you to a page in your language, wherever you are.

Once the data has been entered, the numbers are sent to a direct billing service which charges an average of 15 dollars per month, without the possibility of unsubscribing from the service, since that address is no longer accessible and the process cannot be reversed.

The malware was perfectly distributed, with a presence in almost all categories of the Google Play Store.

The researchers indicate that about 470 apps were published on the Play Store with this malware, an alarming figure that once again highlights how relatively easy it is to upload malicious apps to the Google store. The strategy was to distribute the apps across the different categories of the Play Store, making them even more difficult to track.

As we always say, never enter your phone number on suspicious websites, much less when an app asks you to. Except for messaging apps that need the number to create a profile, it is always advisable to avoid giving out our data.

Via | secureblink