How Android malware being sold on darknet forums.

Cybersecurity researchers working for Kaspersky have found android malware that is being sold on the dark-net. The software is reportedly priced at $20,000 and is considered to be a major risk. The findings were described in a newly published article. Kaspersky previously found over 1.6 million types of malware targeting android users, but this latest threat is much more serious.

Malware Targeting Android

The rise of Android malware has become a significant threat to the security of millions of Android users around the world. Malware refers to any software that is designed to harm, steal data or spy on its victims. Cybercriminals have continued to develop sophisticated malware designed to target Android operating systems, which has led to a rapid increase in malware incidents over the past few years.

One of the most common ways that Android malware is being spread is through malicious apps. Targeting android devices is simpler than iOS as android allowes users to install applications from 3rd party sources. Cybercriminals create fake or cloned apps and upload them to unofficial app stores, posing as legitimate apps. Unsuspecting users download and install these malicious apps, which then infect their devices with malware. Some malware-infected apps have also been known to hide in plain sight, disguising themselves as legitimate apps, making them difficult to detect.

In 2022, Kaspersky managed to identify over a million types of such malware that was designed to target android users. Similar malware targeting android devices has been around for years, but the numbers only recently started to skyrocket.

A Serious Threat

The latest findings by Kaspersky are much more serious than the malware identified last year. What makes this different is that the infected software is installed directly from google and not a 3rd party. Verified play-store developer accounts and software is currently being sold on dark-net forums. This means that an unsuspecting user can download the app directly from the google play store and infect the device.

Google claims to have a verification process in place, checking software for malware before being published. Unfortunately it seems that some managed to bypass this process, or trick google into publishing infected software. This is usually done by first passing the checks, and then re-uploading a slightly different version of the app.

Recent Surge in Malware

Many users started reporting malicious apps on the play store in recent times. This has prompted google to start investigating, with many apps instantly getting removed from the store. Despite that, with a market that big its hard for any corporation to check every line of code. Kasperskys findings claim that the most common type of malicious apps are QR code scanner and fake daring apps. To make money the app then users all sorts of tactics, from stealing user data, to replacing cryptocurrency addresses when sending coins.

Malware Loaders

Developer accounts sold on the dark-net can cost over $20,000. Despite that, most offer services now known as “malware loading”. One that wants his malicious app on the play store can pay a loader anywhere from 2,000 to over 20,000 USD to get his application on the store. After that, most loaders charge per download. The cost of that is anywhere from $0.10, to a few dollars per user. After finding a “loader” on a dark-net forum, communications and transactions take place in more private channels like telegram. This is done in order to keep a low profile.

Conclusion

With the rising popularity of the dark-net, the number of cyber-criminals is rising. More and more people are looking for easy ways to make money with the end result being a large influx of infrastructure attacks, malware and more. This latest round of malware targeting android is yet another example of that. It is unclear what steps google will take to resolve the issue, but a more thorough review of applications i expected.