‘Dark Herring’ Billing Malware Swims onto 105M Android Devices


Thread author
Staff member
Malware Hunter
Jul 27, 2015
Nearly 500 malicious apps lurking on the Google Play Store have successfully installed Dark Herring malware — a cash-stealer intended to add sneaky charges onto mobile carrier bills — on more than 100 million Android devices across the globe. That’s quite a school of fish.

Dark Herring malware was discovered by a research team with Zimperium, who estimate the amount the campaign has been able to steal totals in the hundreds of millions, in increments of $15 a month per victim. Google has since removed all 470 malicious applications from the Play Store, and the firm said the scam services are down, but any user with one of the apps already installed could still be actively victimized down the road. The apps are still available in third-party app stores too. Consumers across the world, particularly in under-banked areas, rely on direct carrier billing (DCB) as a mobile payment method, which adds charges for non-telecom services onto a consumer’s monthly phone bill. It’s a juicy target for adversaries.