Zimperium zLabs, a Google Partner, discovered a scam that targeted more than 100,000,000 Android users. This scam is almost two years old and has been operating right under Google’s nose.
Google has since shut down the scam, but it still operated on some 470 Android applications. The scam was silently subscribing users to an expensive service for $15 per month via Direct Carrier Billing.
It is both terrifying and brilliant to use DCB. This is a legal mobile payment method that lets people pay digital content on the Play Store using their pre-paid balance, or with a post-paid bill.
Many times, users would subscribe to premium services for several months before realizing. The scammers responsible for the attack, dubbed Dark Herring after the group who discovered it, were making huge profits off of approximately 106 million Android users in more than 70 countries.
Every one of the many infected apps had its own unique identifier. This allowed the scammers to identify which apps brought them the highest illicit profit.
This cyberattack has really highlighted the difficulty of stopping something with a global reach. There are many consumer protection laws that vary from country to country. Users in certain countries might have legal recourse. However, most users living in other countries do not have any protection. They are simply looking for the cash.
However, kudos go to Zimperium and Google for their keen eyes. Google also took swift action to end the campaign. It's a small comfort to millions of people who were unable or unwilling to pay for it.
Android Malware Newly Released Steals Data and Factory Resets Phones
Kaspersky first discovered BRATA malware in wilds in 2019
In its earliest form, it targeted e-banking users. It was also designed to steal login and banking credentials. Researchers have found that the latest version of BRATA is even worse.
A new, dangerous variant of the virus has been discovered by security professionals. It adds several new features. One feature allows BRATA access to a variety of user data and then resets the infected device to factory settings when the infection is complete. It effectively wipes out most users' data.
Users aren’t good about backing up data and often don’t save the most important photos or videos to their cloud. This could lead to a significant personal and financial loss.
Even worse, hackers responsible for BRATA appear to be expanding.
Researchers began to see BRATA popping up across Europe in December 2021. Based on code samples that were recently analyzed, the group behind BRATA began to explore variants specifically tailored for each country. Researchers have discovered distinct variants that target e-banking users from the UK, Spain, Italy, Spain and China so far.
Bottom line, BRATA poses a grave threat to Brazil and those behind it are clearly looking beyond Brazil. This is one that you should be watching in 2022. It should be on the radar of your employees if it isn't already. Make sure to alert your employees as quickly as possible about the threat.
These protection protocols are standard. Before installing any app to your smartphone, do your research. You must ensure that you are getting the apps from Google Play Store directly. This is not bulletproof, but it will give you a good start.
