Millions of Android users have been robbed by Play Store apps

Android launched a “fleece Ware” malware campaign that included around 470 Android apps. Plataforma Play Store. These programs have been downloaded about 105 million times by smartphones around the world. Security firm Zimperium reports that the criminal case may have been successful in stealing hundreds of millions of dollars.

Read more: Whatsapp: Know what happens when you mute someone in the app

Dubbed “Dark Herring” by Zimperium researchers, the campaign started about two years ago, and recorded its oldest performance in March 2020. Fleece Ware is based on apps that use the free trial period to charge unnecessary fees. , even if the user has uninstalled the application.

In the report released by the company, the 470 apps behaved as promised, serving as games, productivity tools, photo filters, etc. However, they also directed users to misleading web pages, which were adapted to the languages ​​of Internet users to generate credibility.

These pages ask people to enter their phone numbers to simulate a “check.” However, this was nothing more than a record of recurring billing which costs an average of $15 (about R$81) per month, through your carrier’s direct billing (DCB).

The campaign was successful despite its vastness

DCB is a payment alternative that allows internet users to purchase digital content from the Play Store. With this, the balance amount prepaid or directly is charged to the postpaid account. There have been fraudulent app installs in 70 countries, including Brazil. However, due to the lack of laws protecting the consumer against these types of fraud for improper collection directly through the operator, many have not been able to recover the stolen funds.

According to researchers from the Dark Herring malware campaign, the procedure is one of the most protracted and successful ever. This was due to the large number of Android apps involved and the high value that was extorted.

The way it works is similar to how Apple Pay and Google Pay work. However, the fees originate from the user’s phone bill, not the Apple, Google, or bank account. So instead of scanning money like a banking Trojan, Dark Herring looks at a person’s carrier account for recurring surcharges that the user might not even notice.

Leave no trace on the Play Store platform

The applications themselves do not pose any danger. This is because they do not attack phones, and they do not contain any malicious code. So these apps may have been able to pass the Play Store malware tests.

Such apps are no longer in the Google Play Store, but can still be found elsewhere on the Internet, according to Zimperium. The company is a Google partner and a member of the Google App Defense alliance that aims to solve malware problems in the Play Store.

In this list on GitHub, you can check if any app installed on your Android device is one of these malicious apps. To perform the search, you must open the page in the desktop browser, press Ctrl + F and type the name of the suspicious application.

Would you like to see more content like this? Adequate click here!