If you want to infiltrate users’ Android devices with malware through the official Google Play store, it can cost you around $20,000, Kaspersky suggests.
It comes after the Russian infosec outfit studied nine dark web markets between 2019 and 2023 and found a slew of code and services for sale to infect and hijack Google Play users' phones and tablets.
Before cybercriminals can share their malicious apps from the official Google store, they’ll need a Play developer account, and Kaspersky says these sell for between $60 and $200 each. Once someone purchases one of these accounts, they will be encouraged to use something called a loader.
Uploading spyware directly to the Play Store for users to download and install may attract Google's attention and lead to rejection of the app and the developer's account. A loader tries to avoid this: it is software that a criminal hides in an otherwise innocent-looking legitimate application installed from the official store, and at a suitable moment the loader fetches and applies an update for the app that contains the malicious code, which does things like steal data or commit fraud.
This update may request additional permissions to access the victim's files and may need to be fetched from an unofficial store with the victim's blessing; it depends on the configuration. The app may refuse to function normally until the loader is allowed to do its job, convincing marks to open up their devices to the scammers. These tools are more expensive, ranging from $2,000 to $20,000, depending on the complexity and capabilities required.
"Among the features of the loader, their authors can highlight user-friendly UI design, convenient control panel, victim country filter, support for latest Android versions, etc.," according to the Kaspersky report, which notes that cybercriminals sometimes include instructions or demo videos with the listing, or offer to send demos to potential customers.
“Cybercriminals can also supplement the trojanized application with functionality to detect a debug or sandbox environment,” the researchers added. “If a suspicious environment is detected, the loader can shut down its operations or notify the cybercriminal that it has likely been discovered by security investigators.”
Would-be criminals who don’t want to pay thousands for a loader can pay a lot less – between $50 and $100 – for a linking service, which hides a malicious APK file inside a legitimate app. However, these have lower successful install rates than loaders, so even in the criminal underworld you get what you pay for.
Some other illicit services offered for sale on these forums include virtual private servers ($300), which allow attackers to redirect traffic or control infected devices, and web injectors ($25 to $80), which watch for selected websites being opened on victims' infected devices and replace those pages with malicious ones that steal login credentials or the like.
Criminals can pay for their malware obfuscation, and they can even get a better price if they buy a bundle. “One of the vendors offers obfuscation of 50 files for $440, while the cost of processing a single file from the same vendor is around $30,” the Kaspersky team explains.
Additionally, to increase the download count of a malicious app, thereby making it more attractive to other mobile users, attackers can purchase installs for 10 cents to $1 each.
To be clear, Google Play does not knowingly allow malicious apps to be sold on its store. However, even with pre-screening of apps and removal of malicious ones as soon as they are spotted, criminals still find ways to bypass these security measures and get malware-laden apps onto official stores.
Last year alone, Kaspersky said it discovered more than 1.6 million malware or unwanted software installers targeting mobile users. Unfortunately, the security shop predicts that these threats will only become "more complex and advanced" in the future.
To avoid becoming an unwitting victim, the researchers remind users not to enable installation of unknown apps and to always check app permissions to ensure apps are not accessing more than they need to do their jobs.
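One way to act on that advice on a device you administer, as an added example that is not part of the article or of Kaspersky's report: a small Python script that parses the output of `adb shell dumpsys package <package>` and reports whether an app has been granted the ability to launch installs of APKs it fetched itself (the "install unknown apps" prompt) and which high-risk runtime permissions it holds. The `<name>: granted=<bool>` line format is an assumption about current Android builds, the high-risk shortlist is the author's, and the sample dumpsys text is constructed.

```python
"""Audit the permissions an installed Android app actually holds.

Added example (not from Kaspersky or The Register): parses the output of
`adb shell dumpsys package <package>` and reports the granted permissions
that matter for the loader pattern described above, i.e. the ability to
install other packages and the high-risk runtime permissions.
"""
import re
from typing import Dict, Set

# Runtime ("dangerous") permissions a data-stealing payload typically asks
# for. Assumption: this is a reviewer's shortlist, not Android's full set.
HIGH_RISK = {
    "android.permission.READ_SMS",
    "android.permission.RECEIVE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.READ_CALL_LOG",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.RECORD_AUDIO",
    "android.permission.CAMERA",
}
# Lets an app hand an APK it downloaded to the package installer: this is
# the "allow installation of unknown apps" decision the article warns about.
INSTALL_UNKNOWN = "android.permission.REQUEST_INSTALL_PACKAGES"

# Assumed dumpsys line shape: "<permission>: granted=true[, flags=[...]]"
_GRANT_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")


def parse_granted(dumpsys_text: str) -> Set[str]:
    """Return every permission reported as granted=true in dumpsys output.

    Lines in the "requested permissions:" section carry no granted= field,
    so they are ignored; only install/runtime grants are collected.
    """
    granted = set()
    for line in dumpsys_text.splitlines():
        m = _GRANT_RE.match(line)
        if m and m.group(2) == "true":
            granted.add(m.group(1))
    return granted


def audit(dumpsys_text: str) -> Dict[str, object]:
    """Summarise the grants a reviewer should look at first."""
    granted = parse_granted(dumpsys_text)
    return {
        "can_install_unknown_apps": INSTALL_UNKNOWN in granted,
        "high_risk_granted": sorted(granted & HIGH_RISK),
    }


# Constructed sample: a torch-style app that can install packages and read
# SMS, which is far more than a flashlight needs.
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.torch] (1a2b3c):
    userId=10123
    requested permissions:
      android.permission.INTERNET
      android.permission.REQUEST_INSTALL_PACKAGES
      android.permission.READ_SMS
    install permissions:
      android.permission.INTERNET: granted=true
      android.permission.REQUEST_INSTALL_PACKAGES: granted=true
    User 0: ceDataInode=0 installed=true
      runtime permissions:
        android.permission.READ_SMS: granted=true, flags=[ USER_SET ]
        android.permission.CAMERA: granted=false, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    print(audit(SAMPLE_DUMPSYS))
```

In practice, capture the real text with `adb shell dumpsys package com.example.app > dump.txt` and pass the file contents to `audit()`; an app whose stated purpose does not explain a `True` for `can_install_unknown_apps`, or a non-empty high-risk list, is the one to look at more closely.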
Also, for organizations: protect developer accounts from being hijacked to spread malware by using strong passwords and multi-factor authentication. It's also a good idea to monitor dark web forums for credential dumps, in case yours are listed. ®