A new report shows that malicious mobile apps and store developer accounts are being sold for up to USD 20,000. According to the report, experts found this while analysing Darknet offers of malicious Google Play apps for sale.
Every year, a large number of fraudulent apps are removed from Google Play after infecting their target users. According to the cybersecurity company Kaspersky, cybercriminals congregate on the Darknet to buy and sell dangerous Google Play apps as well as use them to improve and even publicise their inventions.
Alisa Kulishenko, a security expert at Kaspersky, said, “On Darknet, we found messages from cybercriminals complaining how it is now much harder for them to upload their malicious apps to official stores. However, this also means that they will now come up with much more sophisticated circumvention schemes, so users should stay alert and carefully check which apps they are downloading.”
The report also noted that, like regular forums for buying and selling things, there are distinct Darknet offers for different purposes and customers with varying budgets.
To launch malicious software, cybercriminals need a Google Play account and malicious downloader code (a Google Play Loader). A developer account may be obtained for as little as USD 200, and occasionally for as little as USD 60.
Depending on the complexity of the malware, the originality and ubiquity of the malicious code, and the extra features, malicious loaders can cost anywhere from USD 2,000 to USD 20,000.
Most often, sellers suggest hiding the distributed malware in cryptocurrency trackers, financial apps, QR-code scanners and even dating apps.
According to the report, for an additional cost cybercriminals can obfuscate the application code to make it more difficult for cybersecurity solutions to detect.
To increase the number of malicious app downloads, several attackers offer to buy traffic to the app through Google advertisements.
The report also showed that Darknet vendors may offer to publish the malicious software on the customer's behalf, so that the customer avoids any direct contact with Google Play while still remotely obtaining all of the victims’ identified data.