We are reader supported. External links may earn us a commission.


Dark Herring malware infected apps slip Google and infect 105 million users

By Roland Udvarlaki January 31, 2022, 7:00 am
Smartphone malware Source: Pexels

Researchers discovered a new malware, called Dark Herring, that went undetected for a very long time, charging unsuspected users money. All of the applications appeared, safe, legit, and verified, and they were widely available on Google Play Store and other third-party App Stores. The malware campaign found up to 105 million victims globally, and it's one of the biggest scams in mobile history.

Researchers from Zimperium zLabs discovered a new “premium service abuse campaign with upwards of 105 million victims globally”, and the malware that caused the problems was named “Dark Herring”. The total stolen money that was scammed out of unsuspected users could be well into the hundreds of millions of dollars, but it’s hard to tell what the exact amount may be.


Seemingly, totally normal and harmless applications were added to the Google Play Store, all of which looked like normal apps. Their descriptions and permission requests didn’t raise alarms as they seemed genuine. Things started to change when users started to notice a few months later that they kept getting charged via direct carrier billing.

For those unaware, Direct Carrier Billing (DCB) is a mobile payment method that allows users to make purchases made to their phones bills, using their phone numbers. These apps targeted millions of users globally, and it was available in over 70 countries. Dark Herring charged, on average, $15 every month. The amount was often too little to immediately notice, and many users went on for months without noticing an issue. There were a total of 470 applications uploaded to the Google Play Store infected with Dark Herring. You can see the full list of applications here.

The researcher team established that the Dark Herring Android Scamware campaign was one of the most successful campaigns ever and ran the longest. Researchers revealed the date of publication of the apps, which dates back to March 2020. “Dark Herring is the longest-running mobile SMS scam discovered by the Zimperium zLabs team.”

How did Dark Herring work?

When a user downloaded and installed one of these Dark Herring infected apps, they appeared to function normally, without triggering any alarms with either the user or their devices. Soon, the user was redirected to a geo-specific webpage where they were asked to enter their phone number to verify themselves. Unfortunately, many users are often more prone to provide phone numbers to unknown people and services. This resulted in people getting charged, often for months, without noticing a change to their billing information.

Zimperium provided even more detail, revealing how the scam worked. If you want to read more about the technicalities, you can read the full article on their website.


Latest Articles


Here's how the Apple iPod changed the world in 21 years

iPod was an industry-changing device at its time, and it had a massive impact on modern smartphones, and the way we listen to music. We take a last look at the now-discontinued Apple iPod and the history it leaves behind.

By Roland Udvarlaki May 11, 2022, 10:00 am

How to use Mic Modes in VOIP and FaceTime Calls

This guide will go over the steps you need to follow to activate one of the available Mic Mode settings on Apple Devices to begin using the feature and improve your calling experience.

By Aryan Suren May 10, 2022, 10:00 am

This iPhone 14 feature might urge users to upgrade

Until now, it appeared that iPhone 14 would only be a minor upgrade over the iPhone 13 series. However, a new leak suggests that the iPhone 14 will come with one feature that might urge users to upgrade.

By Sanuj Bhatia May 9, 2022, 5:00 am