A sophisticated new malware, dubbed Dark Herring, was discovered by mobile device security experts at Zimperium zLabs. The code aims to trick users to subscribe for a faux service and pay $15 through Direct Carrier Billing. According to the report, 105 million users were tricked into signing up for that subscription.
The apps themselves didn’t have malicious code embedded in them. Rather, they had an encrypted string, which would lead the user out to a WebView page hosted on an Amazon CloudFront server. While the page asked the user to confirm their login by entering their phone number, Dark Herring was working in the background to determine country, language, and which Direct Carrier Billing it should latch onto.
So, while the bad actors behind Dark Herring did walk away with a lot of cash, the way this was all set up also shows a ton of preliminary investing and infrastructure planning. In other words, this is a well-funded operation, probably working on the next piece of malware right now.
How can we protect ourselves against this type of malware?
As noted, Dark Herring was quite adept at avoiding antivirus apps. However, it does ask the user to go beyond what’s reasonable to create a new account for an app.
And while we are sure our PhoneArena readers are quite aware of this, maybe it’s a good time to remind ourselves that there are those around us that are not so savvy. Kids can be especially naive and if pretty screenshots entice them to try a game, they may very quickly give up a phone number, thinking it’s just one of those “two factor things” we are all so used to seeing. And, of course, the elderly very often just do whatever the screen asks them to do, thinking it’ll just get them into an app.
Be sure to educate and remind those around you to not tap messages that insist their phone is infected and let them know that they should never, ever enter their phone number in an app that is not WhatsApp or Viber. In fact, just set those up for them and tell them to never enter their phone number for anything, period.
Lastly, just in case — keep an eye on that phone bill.
With the current lockdowns, a lot people that were not so tech-savvy in the past have found themselves spending more time in this digital world of ours. Sadly, this has also lead to more bad actors popping up, trying to exploit the less experienced. And — in the case of Dark Herring — some of them are obviously well-funded and super organized.