Feeds

Malware devs offer $100 a pop for 'active' Google Play accounts

Underground market is full of Android wrongness

Providing a secure and efficient Helpdesk

Virus writers are paying top dollar for access to "active" Google Play accounts to help them spread mobile malware across the Android ecosystem.

Google charges $25 to Android developers who wish to sell their wares through the Google Play marketplace but a denizen of an underground cybercrime forum is offering to purchase these accounts for $100 apiece, a 300 per cent mark-up.

The miscreant is offering "$100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server". Developer accounts at Google Play can be used to offer malware up as legitimate apps before offering these Trojanised packages for sale to prospective marks.

The same wheeler-dealer is also selling an Android mobile malware creation toolkit that targets banking customers of Citibank, HSBC and ING and many other banks in multiple countries, reports investigative journalist turned security blogger Brian Krebs.

The Perkele (a Finnish curse word for “devil” or “damn”) malware sold by the trickster is designed to intercept incoming SMS messages from banks sent to infected Android phones. Perkele is designed to work in tandem with malware on compromised PCs. When a surfer visits a banking site from an infected PC they are prompted to supply their number and install a "special security certificate" on their mobile phone.

Links to a website hosting mobile malware are then sent to this phone number in the hopes of tricking victims into installing the mobile component of Perkele onto their Android smartphones.

As Krebs explains (screenshot here), this approach to mobile banking malware is fairly rudimentary and doesn't bear comparison with the most advanced mobile malware but scores in terms of flexibility and apparent effectiveness. Perkele is designed to work alongside any malware family that support web injects. The hawker of the cybercrime tool has been endorsed by several forum buyers.

Denizens of the underground marketplace can purchase a custom application that targets one specific financial institution for $1,000, or a complete mobile malware creation toolkit for $15,000.

The market for hijacked or fraudulent developer accounts on Google Play is part of the reason, among many others, that Android malware is a growing problem. By contrast, Apple's much tighter control of its marketplace has meant the mobile malware on iOS has been almost non-existent right from the off and going back seven years. It is only spoiled by extremely isolated example of worms that only affected users of jailbroken iPhones, such as the "Duh" or Ikee-B worm, which formed the key part of a banking scam back in 2009.

By contrast, according to figures from Kaspersky Lab, by the end of 2012 more 43,000 malicious programs were targeting Android devices. More than 99 per cent of new threats discovered by the Russian security firm last year targeted Android-based smartphones and tablets, with less than one per cent aimed at devices running Symbian and BlackBerry operating systems or supporting the mobile version of Java.

The most widespread Android threats can be divided into three major groups: SMS Trojans, which steal money by sending premium texts; adware; and exploits to gain root access that allow criminals to enter the device and extract any data stored on it. Most of the small number of nasties targeting Symbian and BlackBerry smartphones specifically target victims’ bank accounts, according to Kaspersky Lab. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Hackers thrash Bash Shellshock bug: World races to cover hole
Update your gear now to avoid early attacks hitting the web
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.