Malicious Android apps have been found for sale on the darknet, fetching up to $20,000, according to Kaspersky security researchers.
The company described its findings in a post published Monday, saying the team collected examples from nine different darknet forums where these apps were sold.
“Like legitimate forums to sell goods, there are different darknet offers for customers with different needs and different budgets,” reports Kaspersky. “To publish malicious apps, cybercriminals need a Google Play account and a malicious downloader code (Google Play loader).”
According to Kaspersky, developer accounts can be purchased for between $60 and $200 each. Malicious loaders, on the other hand, range in cost from $2,000 to $20,000, depending on the complexity of the malware and malicious code and additional functionality.
These tools are usually disguised as cryptocurrency trackers, financial apps, QR code scanners, dating apps, etc.
Read more about Android malware here: New Android Banking Trojan ‘Nexus’ Advertised as MaaS
“Cybercriminals also highlight the number of downloads of legitimate versions of their apps, which means that by updating an app to add malicious code, potential victims can get infected. I mean numbers. In most cases, the proposals specify more than 5000 downloads,” Kaspersky wrote.
Additionally, cybercriminals can pay extra to hide application code, making detection more difficult.
“To increase the number of malicious app downloads, many attackers offer to buy installs, directing traffic to Google Ads to get more users to download the app. It varies from country to country,” reads the report.
Regarding the “business model” behind these apps, the attackers offer either a share of the ultimate profit from the malware, its rental, or the outright purchase of an account or threat.
Kaspersky security expert Alisa Krishenko said: “At the same time, the quality of cybersecurity her solutions that protect users from these attacks is also improving.”
Another Kaspersky report published at the end of February found that 196,476 new mobile banking Trojans were installed in 2022, more than double the number in 2021.
