Malicious Android Apps Sold For Up to $20,000 on Darknet

by admin 0 Comments

Security
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Malicious Android apps have been found for sale on the darknet and are being sold for up to $20,000, according to security researchers at Kaspersky.

The company described the findings in an article published on Monday, in which it said the team collected examples from nine different darknet forums where these apps are being sold.

“Like on legitimate forums for selling goods, there are various Darknet offers for different needs and customers with different budgets,” reported Kaspersky. “To publish a malicious app, cybercriminals need a Google Play account and a malicious downloader code (Google Play Loader).”

Developer accounts can be bought for $60–$200 each, Kaspersky explained. On the other hand, the cost of malicious loaders ranges between $2000 and $20,000, depending on the complexity of malware and malicious code, as well as additional functions.

These tools are usually disguised as cryptocurrency trackers, financial apps, QR-code scanners or dating apps.

Read more on Android malware here: New Android Banking Trojan ‘Nexus’ Promoted As MaaS

“Cybercriminals also highlight how many downloads the legitimate version of that app has, which means how many potential victims can be infected by updating the app and adding malicious code to it. Most frequently, the suggestions specify 5000 downloads or more,” Kaspersky wrote.

Further, cybercriminals can also pay an additional fee to hide the application code and make it harder to detect.

“To increase the number of downloads to a malicious app, many attackers also offer to purchase installs directing traffic through Google ads and attracting more users to download the app. Installs cost differently for each country,” reads the report.

Regarding the ‘business model’ behind these apps, threat actors offer either a share of the final profit from the malware, rent of the same, or full purchase of either an account or a threat.

“Malicious mobile apps continue to be one of the top cyber-threats targeting users, with more than 1.6 million mobile attacks detected in 2022,” commented Alisa Kulishenko, a security expert at Kaspersky. “At the same time, the quality of cybersecurity solutions that protect users from these attacks is also increasing.”

Case in point, a separate Kaspersky report published at the end of February suggested there were 196,476 new mobile banking Trojan installers in 2022 in the wild, more than double the figures from 2021.

This article was originally published by Infosecurity-magazine.com. Read the original article here.
Share on Facebook
Share on Twitter
Share on Pinterest
Share on LinkedIn

Products You May Like

Articles You May Like

Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw
Alarming Decline in Cybersecurity Job Postings in the US
OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
Russian APT Deploys New ‘Kapeka’ Backdoor in Eastern European Attacks
Russia and Ukraine Top Inaugural World Cybercrime Index

Leave a Reply

Your email address will not be published. Required fields are marked *