Dark Herring Malware

The Dark Herring is a mobile malware that has managed to infect more than 105 million Android devices and then include unauthorized charges onto the user's mobile carrier bills. The behavior of the threat classifies it as a cash-stealer. Details about this potent malware were released by the researchers at Zimperium.

According to their findings, the Dark Herrin operation was carried out by a new sophisticated threat actor with sufficient access to resources. These conclusions are based on the fact that the malware was spread via close to 500 different corrupted applications that had managed to pass the security checks of the official Google Play Store. This achievement was predicated on the fact that the applications were not barely-functional clones of each other.

Instead, the attackers crafted 470 applications that functioned exactly as advertised and were aimed at various, different segments ranging from sports, video games, entertainment, lifestyle, photography and more. Google has intervened and removed all the Dark Herring applications from their stores but compromised users may need to delete the harmful applications from their devices manually or risk being further exploited in the future.

Once the Dark Herring was delivered to the user's Android device, it was responsible for adding $15 charges to the victim's monthly bill. The sum is small enough not to cause immediate suspicion even if the computer user was infected. However, due to the massive number of compromised devices, it is estimated that the cybercriminals were able to siphon hundreds of millions from their victims. The threatening campaign is believed to have run between March 2020 and November 2021.

The successful infection chain is mostly attributed to social engineering and geotargeting tactics adopted by the hackers. The attackers targeted users from over 70 countries across the world and provided the necessary resources for the corrupted applications to support the native language of the targeted victim. The primary targets of the campaign were users from countries with less strict consumer protection laws. The bigger concentration of the Dark Herring victims is found in Egypt, Finland, India, Pakistan and Sweden.