Delete Immediately! There are 470 Naughty Credit Suction Applications


 Google removed 470 rogue applications from the Google Play Store that were caught sucking users' credit. Relying on a malware called 'Dark Herring', these hundreds of applications attack more than 100 million users worldwide and incur losses of up to hundreds of millions of dollars.

The Dark Herring malware was discovered by a team of researchers from the cybersecurity company Zimperium zLabs. This malware is known to have started circulating since two years ago, with the earliest findings in March 2020 and still active until November 2021.



This malware works by exploiting the Direct Carrier Billing (DCB) feature which is widely used in developing countries. This feature allows users to buy things online and get paid by deducting credit or added to the monthly bill on a postpaid card.



Zimperium estimates this malware manages to steal USD 15 per month from each of its victims. Given the number of victims reached 105 million people spread across 70 countries, the figure behind this malware managed to steal hundreds of millions of dollars.


Hundreds of applications kicked by Google from many categories, ranging from games, entertainment, photo editing, productivity, and others. To make users trust and unsuspect, these hundreds of apps work as advertised.


Zimperium says these hundreds of apps don't carry any malicious code and maybe this is what allows them to trick Google Play's malware checks. Their method is also fairly subtle, first the app will download an additional script that determines the language the phone uses and the user's location.


That information is then uploaded to a command-and-control server which will determine whether or not to deceive the user. If the answer is yes, the app then loads a malicious website with the appropriate language and flag for the user's country, which then prompts the user to enter his phone number for 'verification'.


"Users are usually more comfortable sharing information with websites that are in their local language," Zimperium said in its report, as quoted from Tom's Guide, Monday (31/1/2022).


"But in reality, they registered their phone number with the Direct Carrier Billings service which started charging them an average of USD 15 per month," he continued.


Victims of the Dark Herring malware were found in more than 70 countries. But there are some countries that are easy targets for this malware, such as Egypt, Finland, India, Pakistan, and Sweden, because of the lack of protection for consumers who are victims of DCB scams.



Currently, the 470 rogue apps have disappeared from the Google Play Store, but there are still many found in third-party app stores. Users who still have these applications installed will likely continue to be drained of credit, so it is recommended to remove them from the phone immediately.


You can see the full list of the 470 malicious apps in the Github database below. Some of the popular applications containing the Dark Herring malware that have been downloaded millions of times include:


- smashex

- Upgrade

- HD Streams

- Vidly Vibe

- Cast It

- My Translator Pro

- New Mobile Games

- StreamCast Pro

- Ultra Stream

- Photograph Labs Pro

- VideoProj Lab

- Drive Simulator

- Speedy Cars - Final Lap

- Football Legends

- Football HERO 2021

- Grand Mafia Auto

- Offroad Jeep Simulator

- Smashex Pro

- Racing City

- Connecttool

- City Bus Simulator 2

Previous Post Next Post

Contact Form