2022 starts strong with malware. It began with SMS banking scams, continued with a dangerous evolution of BRATA capable of formatting your phone, and now we know from a report by Secureblink that there is new malware affecting 105 million Android phones worldwide.
We will tell you how this malware works, which areas it mainly affects and how you can avoid getting infected. Infected apps steal your money through subscriptions, so it is quite dangerous.
Dark Herring, or how to steal from you thanks to subscriptions
Depending on the country you live in, the page that asks for your phone number appears in your language and with your flag.
Dark Herring is the name of this malware, discovered by Zimperium Labs. Researchers have reported more than 105 million victims worldwide, which is quite a high number. The amount of money defrauded, according to the report, is “hundreds of millions of dollars”. It is large-scale malware that enrolls the user in premium services.
Nearly 470 such apps were present on the Play Store, reaching millions of users
These are applications that were present in the Google Play Store itself, as well as in some third-party stores. Zimperium Labs reported the malware to Google, which removed the applications that were reported, although there may still be some to discover. At the time of this article’s publication, the phishing sites the apps led to have gone down, although there’s nothing stopping them from being reactivated at different URLs.
Areas affected by malware.
This campaign targeted more than 70 countries, including Spain. After infecting the device, the app communicates with the server, exposes the victim’s IP address and directs them to a phishing website based on their IP address. So they can direct you to a page in your language, wherever you are.
Once the victim has filled in the data, the phone number is sent to a direct billing service that charges an average of $15 per month, with no option to unsubscribe from the service, since that address is no longer reachable and the process cannot be reversed.
The malware was perfectly distributed, with a presence in almost every category of the Google Play Store.
Researchers report that nearly 470 apps have been released on the Play Store with this malware, an alarming figure that once again highlights how relatively easy it is to download malicious apps from the Google Store. The strategy was to divide the apps into the different categories of the Play Store, making it even more difficult to keep track of them.
As we always advise, never enter your phone number on suspicious web pages, let alone when an app asks you to. Except for messaging apps that need the number to create a profile, it is always advisable to avoid giving out your data.
Via | Secureblink