Feeds

Malware devs offer $100 a pop for 'active' Google Play accounts

Underground market is full of Android wrongness

Protecting against web application threats using SSL

Virus writers are paying top dollar for access to "active" Google Play accounts to help them spread mobile malware across the Android ecosystem.

Google charges $25 to Android developers who wish to sell their wares through the Google Play marketplace but a denizen of an underground cybercrime forum is offering to purchase these accounts for $100 apiece, a 300 per cent mark-up.

The miscreant is offering "$100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server". Developer accounts at Google Play can be used to offer malware up as legitimate apps before offering these Trojanised packages for sale to prospective marks.

The same wheeler-dealer is also selling an Android mobile malware creation toolkit that targets banking customers of Citibank, HSBC and ING and many other banks in multiple countries, reports investigative journalist turned security blogger Brian Krebs.

The Perkele (a Finnish curse word for “devil” or “damn”) malware sold by the trickster is designed to intercept incoming SMS messages from banks sent to infected Android phones. Perkele is designed to work in tandem with malware on compromised PCs. When a surfer visits a banking site from an infected PC they are prompted to supply their number and install a "special security certificate" on their mobile phone.

Links to a website hosting mobile malware are then sent to this phone number in the hopes of tricking victims into installing the mobile component of Perkele onto their Android smartphones.

As Krebs explains (screenshot here), this approach to mobile banking malware is fairly rudimentary and doesn't bear comparison with the most advanced mobile malware but scores in terms of flexibility and apparent effectiveness. Perkele is designed to work alongside any malware family that support web injects. The hawker of the cybercrime tool has been endorsed by several forum buyers.

Denizens of the underground marketplace can purchase a custom application that targets one specific financial institution for $1,000, or a complete mobile malware creation toolkit for $15,000.

The market for hijacked or fraudulent developer accounts on Google Play is part of the reason, among many others, that Android malware is a growing problem. By contrast, Apple's much tighter control of its marketplace has meant the mobile malware on iOS has been almost non-existent right from the off and going back seven years. It is only spoiled by extremely isolated example of worms that only affected users of jailbroken iPhones, such as the "Duh" or Ikee-B worm, which formed the key part of a banking scam back in 2009.

By contrast, according to figures from Kaspersky Lab, by the end of 2012 more 43,000 malicious programs were targeting Android devices. More than 99 per cent of new threats discovered by the Russian security firm last year targeted Android-based smartphones and tablets, with less than one per cent aimed at devices running Symbian and BlackBerry operating systems or supporting the mobile version of Java.

The most widespread Android threats can be divided into three major groups: SMS Trojans, which steal money by sending premium texts; adware; and exploits to gain root access that allow criminals to enter the device and extract any data stored on it. Most of the small number of nasties targeting Symbian and BlackBerry smartphones specifically target victims’ bank accounts, according to Kaspersky Lab. ®

Reducing the cost and complexity of web vulnerability management

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.