
Malicious loader programs that can trojanize Android applications are being sold by criminal gangs for up to $20,000 as a way to bypass Google Play store defenses.
In a new report based on messages posted on online forums between 2019 and 2023, Kaspersky says, “The most common application categories that hide malware and unwanted software include cryptocurrency trackers, financial apps, QR-code scanners and even dating apps.”
Dropper apps are the main way attackers try to sneak malware through the Google Play Store. Such apps often masquerade as seemingly harmless apps, introducing malicious updates once they have passed the review process and the application has gained a sizeable user base.
This is achieved through the use of loader programs, which are responsible for injecting malware into clean apps. The app is then made available for download from the app marketplace. Users who install the modified app are asked to grant intrusive permissions to facilitate malicious activity.
In some cases, apps also have anti-analysis capabilities built in to detect if they are being debugged or installed in a sandbox environment and, if so, stop operating on the compromised devices.
As another option, threat actors can purchase hacked or newly created Google Play developer accounts from sellers for between $60 and $200, depending on the number of apps already published and downloaded.

App developer accounts that lack strong passwords and two-factor authentication (2FA) protection are easily cracked and sold, allowing other actors to upload malware to existing apps.
A third option is to use an APK binding service. The service hides malicious APK files in legitimate applications and distributes malware through phishing texts and dubious websites promoting cracked games and software.
Binding services, as opposed to loaders, are less expensive because the tainted apps are not available from the Google Play store. In particular, this technique has been used in the past to deliver Android banking Trojans such as SOVA and Xenomorph.
Other illegal services sold in the cybercrime market include Malware Obfuscation ($30), Web Injection ($25-80) and Virtual Private Servers ($300). The latter can be used to control infected devices and redirect users’ traffic.
Additionally, attackers can purchase installs of their Android apps (legitimate or otherwise) for an average of $0.50 through Google Ads. Installation costs vary by target country.
To reduce the risks posed by Android malware, users are advised to refrain from installing apps from unknown sources, scrutinize app permissions, and keep their devices up to date.