November 23, 2022

Fraudulent apps continue to rob people even after being removed from the Google Store


Illustrative photo/tomsguide

It’s no secret that in the Play Store malicious developers distribute scam apps that can steal information, data or even money from users. Even after being removed from the store, such apps can continue to rob people.

Specialists of

Zimperium zLabs, a cybersecurity company, spoke of a fraudulent campaign black herring. Within the framework of the latter, 470 malicious apps were distributed through the Play Store. Some of them continue to steal from people despite being removed from the official Google store.

How apps keep stealing from people

Most of Dark Herring’s programs were entertainment, and all encouraged users to sign up for “premium” services. When a user signed up, the mobile operator deducted money from his personal account (relatively small amounts – up to $15) using DCB (Direct Carrier Billing) technology.

Reference: Direct Carrier Billing is billing directly through the carrier. It is basically an online mobile payment method that allows users to make purchases by charging directly from their mobile account through the operator.

The target audience for the attack was postpaid mobile subscribers who actually use the DCB payment system. They didn’t even suspect that the programs were “paid for” at least until they received a bill from the operator. In some cases, it was not even a one-time payment, but a subscription with regular withdrawal of funds.

It should be noted that the attackers approached the issue with a lot of resources. There was no malicious code in their apps, and therefore it was not easy to detect a massive fraudulent attack. Some of the victims, the researchers noted, only paid attention to suspicious overspending after a few months.

In general, the programs in the list have been downloaded 105 million times by users from 70 countries. Zimperium zLabs called Dark Herring’s fraudulent campaign one of the longest in history. Google has already removed all of these apps from the Play Store, although many of them are still available in third-party app stores.

Interesting: Experts believe the attackers have already won hundreds of this project millions of dollars.