Researchers Unearth SMS-Based Android Malware Called 'Dark Herring'

The researchers at Zimperium zLabs have uncovered a new malware that has impacted millions of users. The team at zLabs has named this malware "Night Herring," deeming it the longest-running mobile SMS scam. There have been a total of 105 meg victims around the world, according to the squad.

In a detailed report published on its official website, zLabs researchers particular how this malware affects Android users. It has some fundamental differences from traditional malware applications. Dark Herring masks itself within a normal-looking app to keep up pretenses. In fact, users can fifty-fifty use these apps frequently. By doing this, the cybercriminals ensure the apps remain on the device long afterward the initial installation.

Some of these malicious apps were reportedly published on the Play Store and third-party app hubs. Thankfully, the zLabs squad sent the report'south findings to Google and other relevant web hosts. Non long after, the malicious apps were removed entirely in a "coordinated takedown."

"At the time of publishing, the scam services and phishing sites are no longer agile, and Google has removed all the malicious applications from Google Play," the research team notes. The malware impacted 470 Android applications.

The team didn't take precise information on how much money may have been scammed out of users so far. Just based on the scale of this malware, it could hands be millions of dollars per calendar month. Researchers institute that the Night Herring malware could have wrongly charged users upward to $xv/month on average.

Night Herring apps have been flocking the internet since at least March 2020

The malware was reportedly operational in over seventy countries hiding beneath web pages in the user's local linguistic communication. Information technology could identify the user'south local language based on IP accost information. As the zLabs team points out, users are more likely to click on a link that'south in their local linguistic communication. After infiltrating the device through these means, the malware then determines whether to attack the victim via Direct Carrier Billing subscription using server-side logic.

Some of the apps involved in the Nighttime Herring malware date back to March 2020. Meanwhile, the most recent is from November 2021. What makes scams similar this peculiarly concerning is the fact that it is usually tied to carrier billing. This means that many customers won't realize they're paying for a service they aren't using until information technology'southward too late.

Equally with the GriftHorse malware reported months agone, some Dark Herring apps are all the same lurking on third-party app hubs. Keeping this in mind, Android users should be highly cautious while downloading something from a 3rd-party app market place. It'south besides helpful to remember that if you lose money through such malware, there's little to no hope of getting it back.

You can find additional details about the Nighttime Herring malware from the link here.