Zimperium zLabs Researcher, specialized in cyber security issues, told about the fraudulent campaign Dark herring, in which 470 applications were distributed through the Google Play Store. At the moment they are all already being removed by Google.
Most of these applications were for entertainment purposes and all offered users the opportunity to sign up for “premium” services. When a user registered, money was withdrawn from his personal account with a mobile operator (relatively small amounts – up to $15) using DCB (Direct Carrier Billing) technology.
The “target group” of the attack were mobile phone customers with postpaid tariffs who actually use the DCB payment system. Little did they know that the requests were “paid”, at least until they received an invoice from the operator. In some cases, it wasn’t even a one-time payment, but a subscription with regular withdrawal of funds.
Attackers can’t deny the ingenuity: the applications didn’t contain any malicious code, which means it wasn’t easy to detect a massive fraudulent attack. Some of the victims, the researchers found, only became aware of a suspicious overdraft on the account after a few months. Total applications perform has been downloaded 105 million times by users in 70 countries. Zimperium zLabs called Dark Herring’s fraudulent campaign one of the longest in history. Google has already removed all of these apps from the Play Store, although many of them are still available in third-party app stores. Experts estimate that the attackers have already made hundreds of millions of dollars from this project.