Malware devs offer $100 a pop for 'active' Google Play accounts

Underground market is full of Android wrongness

Virus writers are paying top dollar for access to "active" Google Play accounts to help them spread mobile malware across the Android ecosystem.

Google charges $25 to Android developers who wish to sell their wares through the Google Play marketplace but a denizen of an underground cybercrime forum is offering to purchase these accounts for $100 apiece, a 300 per cent mark-up.

The miscreant is offering "$100 for sellers willing to part with an active, verified Play account that is tied to a dedicated server". Developer accounts at Google Play can be used to offer malware up as legitimate apps before offering these Trojanised packages for sale to prospective marks.

The same wheeler-dealer is also selling an Android mobile malware creation toolkit that targets banking customers of Citibank, HSBC and ING and many other banks in multiple countries, reports investigative journalist turned security blogger Brian Krebs.

The Perkele (a Finnish curse word for “devil” or “damn”) malware sold by the trickster is designed to intercept incoming SMS messages from banks sent to infected Android phones. Perkele is designed to work in tandem with malware on compromised PCs. When a surfer visits a banking site from an infected PC they are prompted to supply their number and install a "special security certificate" on their mobile phone.

Links to a website hosting mobile malware are then sent to this phone number in the hopes of tricking victims into installing the mobile component of Perkele onto their Android smartphones.

As Krebs explains, this approach to mobile banking malware is fairly rudimentary and doesn't bear comparison with the most advanced mobile malware but scores in terms of flexibility and apparent effectiveness. Perkele is designed to work alongside any malware family that supports web injects. The hawker of the cybercrime tool has been endorsed by several forum buyers.

Denizens of the underground marketplace can purchase a custom application that targets one specific financial institution for $1,000, or a complete mobile malware creation toolkit for $15,000.

The market for hijacked or fraudulent developer accounts on Google Play is part of the reason, among many others, that Android malware is a growing problem. By contrast, Apple's much tighter control of its marketplace has meant that mobile malware on iOS has been almost non-existent right from the off and going back seven years. That record is only spoiled by extremely isolated examples of worms that only affected users of jailbroken iPhones, such as the "Duh" or Ikee-B worm, which formed the key part of a banking scam back in 2009.

By contrast, according to figures from Kaspersky Lab, by the end of 2012 more than 43,000 malicious programs were targeting Android devices. More than 99 per cent of new threats discovered by the Russian security firm last year targeted Android-based smartphones and tablets, with less than one per cent aimed at devices running Symbian and BlackBerry operating systems or supporting the mobile version of Java.

The most widespread Android threats can be divided into three major groups: SMS Trojans, which steal money by sending premium texts; adware; and exploits to gain root access that allow criminals to enter the device and extract any data stored on it. Most of the small number of nasties targeting Symbian and BlackBerry smartphones specifically target victims’ bank accounts, according to Kaspersky Lab. ®
