Scams and fraud on the Internet are very varied and can affect us more than we sometimes think. Sometimes we trust an application or a service where we are registered, but in reality it can become a significant security problem. In this article we are going to talk about the new fraud that affects Android users and we will explain how we can fall into the trap.
New Android subscription scam
This is a scam that consists of subscribing Android users to paid services. Specifically, this campaign has been called Dark Herring and has used no less than 470 applications from Google Play. In total, more than 100 million users have been affected by this problem. In addition, this problem has affected victims from more than 70 countries.
Subscriptions basically consist of paying a fee of about 15 euros per month. It is common when we install a Premium application or we want an extra service that has a supplement in some tool that we use to edit photos, social networks or anything.
The problem is that users in many cases realized that they were paying for subscriptions even several months later. When they found out, they saw those fraudulent charges that they didn’t know what they really corresponded to.
This technique is mainly based on anti-virus detection capabilities, through different applications that contained the malicious code and the use of proxies as URLs. Combining all of this, the victim installed a program that had the ability to sign them up for those subscription plans.
When installing the application, the antivirus does not jump. It automatically starts scripts to collect information about the victim’s configuration. You will get details like the language, the country you are in, etc. This way you can continue to the next step, which is basically assigning a subscription that is tailored to that information. You will ask the victim to enter a phone number and enter a code that you will receive by SMS .
What is the victim’s mistake
You will wonder what is the main mistake that all these users have made, but you will be able to get an idea after what we have explained. Basically, the error consists of installing an application, even if it is from official sources and in principle safe, but giving personal data without really knowing what it corresponds to.
In this case we have seen that there were 470 applications that were in Google Play. We cannot say that the victims have installed programs from fonts outside the official store. However, they have also made the mistake of giving their phone number without really knowing the reason and, in addition, entering that verification code that they received by SMS.
How should you proceed in these cases? Common sense is very important. You must only install applications that you really know where they come from, what their function is and never give more personal data than is really necessary. You should always avoid making mistakes of this type.
In addition, it will be essential to have the devices updated to be able to correct possible vulnerabilities, as well as to install a good security program that is capable of detecting threats.